The coronavirus lockdown prompted a quick shift by many financial institutions to business continuity modes and by consumers to online banking interactions. But will this movement ultimately impact information management and governance?
In responding to the immediacy of the pandemic, many credit unions and banks, operating in survival mode, moved to remote customer contact and at-home workforces with little time to consider all of the complications arising from connected data practices and compliance hazards.
Information governance encompasses business stability and consumer transparency issues applied to document and records management, email, social media, cloud and mobile computing, and the management and output of information. However, even during the COVID-19 crisis, financial organizations still need to manage their information and how governance operates around and behind it.
Are they proactive? Reactive? How do they deliver and receive data and gather loan signatures? Are they abiding by regulations? How do they secure personally identifiable information (PII)?
Enable Information Governance to Prevent Breach and ID Theft Threats
Some information management issues involve insufficient training of customers and staff.
A recent FBI public service announcement warned of cyber-actors attempting to exploit new mobile banking customers using a variety of techniques, including Trojans and fake banking apps.
Scammers use fraudulent apps, often coupled with social engineering, to trick users into giving up their login credentials, then attack financial accounts with those stolen IDs. The IRS, for example, advised Americans to guard against phishing scams using emails, texts and calls that mention “stimulus check”; and the FTC warned consumers not to fall for vaccination and bogus home test kit offers.
Staff working from home could be susceptible as well.
A recent IBM survey of more than 2,000 newly remote staff found 93% of them confident in their company’s ability to keep PII secure. Yet 52% used their personal laptops for work, often with no new security tools to secure them. For example, do their laptops have continuous malware and virus protections? Another 45% did not receive any new training for securely handling information, and more than half did not receive new guidelines on how to handle PII either. Yikes!
Information Governance and Remote Online Notarization
The use of remote online notarization (RON) could also present a predicament regarding regulations and compliance issues. Proponents of RON received a boost when Iowa decided to allow the procedure in response to the coronavirus. The move further paved the way for the legalization of RON in that state, which enables notarization using audio and video technology. The rules, including those governing ID verification and video recordkeeping, maintain the notarization’s integrity, protecting lenders and borrowers from fraud.
According to the Mortgage Bankers Association, only 23 states allow remote notarizations, with more than 30 RON bills introduced in more than 20 state legislatures in 2019. The website Millionacres.com noted a number of states moved rapidly to change existing notarization laws in response to the current situation. In addition, U.S. Senators Mark Warner (D-VA) and Kevin Cramer (R-N.D.) introduced the “Securing and Enabling Commerce Using Remote and Electronic (SECURE) Notarization Act of 2020” on March 18. The legislation would make remote online notarizations legal around the country. However, a national RON law has yet to pass.
With COVID-19 reshaping how borrowers interact with lenders and requiring limited physical interaction and exposure, are there information governance issues over signatures that could later affect financial institutions’ bottom line? Without any national RON guidelines, could identity risks and anti-money laundering/know your customer issues still remain?
How Information Governance Helps You Take Control of Information
What happens if some of the new regulations shielding data find financial institutions accountable for not protecting information? Financial institutions have to look at the potential fines, reputational risk and damages resulting from information mishandling.
Though no specific national privacy rule currently exists, for credit unions and banks the presence of member-sensitive information does require adherence to data privacy laws and regulations such as the Fair Credit Reporting Act, the California Consumer Privacy Act (CCPA), which took effect on Jan. 1, 2020, and even the European Union’s General Data Protection Regulation, which took effect in 2018. Proposals currently in the U.S. Senate seek to establish national guidelines on how companies gather, employ, peddle, and share customer data. Proposals also seek to provide consumers with the capacity to control their information.
U.S. businesses must also follow individual state laws regarding the collecting, storing, or processing of personal data. Legislation enacted by all 50 states, the District of Columbia, Puerto Rico, and the U.S. Virgin Islands requires private entities or government agencies to notify individuals impacted by security breaches that may compromise PII.
Meanwhile, the CCPA, no longer under a six-month enforcement grace period, now provides Californians with a level of protection for personal information comparable with the General Data Protection Regulation (GDPR), which rules over data protection and privacy for individuals within the European Union. CCPA also requires recordkeeping as of January 1, 2019.
The California attorney general can impose financial penalties up to $2,500 for non-willful violations and $7,500 for intentional violations of the CCPA. These numbers can multiply rapidly depending on the number of users impacted.
The traditional records and data management seen over the past several years will not cut it for addressing financial institutions’ increasingly sophisticated compliance needs and regulatory demands, and the urgency to retain members and innovate.
The Center for Internet Security (CIS) identifies a minimum level of information security controls that all organizations that collect or maintain personal information should meet, including data protection and the maintenance, monitoring and analysis of audit logs.
Information governance goes beyond outmoded records-administration and holds the key to leveraging future bank and credit union accountholder growth, risk management, data asset-value and competition within financial services.