Financial

Financial institutions, whether banks, thrifts, securities firms, financial services providers, insurance firms, or credit unions, are heavily impacted by government compliance regulations and by regulatory agencies. Regulations such as the Gramm-Leach-Bliley Act (GLBA) impose standards for information security that these firms (and others who store sensitive financial data, such as mortgage brokers and insurance firms) must adhere to. Regulatory agencies such as the Office of the Comptroller of the Currency, Office of Thrift Supervision, Federal Trade Commission, Securities and Exchange Commission, Federal Reserve System, and others have issued further rules and regulations for their regulated entities regarding specifically how to implement IT security programs that comply with the provisions of GLBA. The Federal Financial Institutions Examination Council (FFIEC) has published numerous rules and interagency guidelines describing detailed information security and risk management requirements. In addition to GLBA and other specific banking industry regulations, many banks and financial institutions are impacted by Sarbanes-Oxley (SOX), and are further impacted by the security standards found in the Payment Card Industry Data Security Standard (PCI).

In the financial industry, the impact of failing to adequately protect the private financial data of customers and consumers is significant. Possible consequences of failure include fines from regulators, brand damage and loss of confidence among customers, lost business, and loss of market value.

Continued growth in outsourcing business processes in the financial industry has heightened the need for effective risk management and compliance programs. It is not uncommon for large banks to have hundreds or thousands of vendors and third-party business partners to whom they outsource critical business processes. Banking regulators have taken the position that financial institutions can outsource the process but not the responsibility for risk assessment and management. Financial institutions require effective risk management processes to understand and manage risks introduced by these third-party relationships.

Insurance companies are regulated by various organizations, including state insurance regulators, and by the FTC at the federal level. IT compliance regulations impacting insurance companies include GLBA (if they are capturing personal financial data), PCI (if they are accepting credit cards for payment), and SOX (if they are public companies). In addition, health and life insurers are subject to the provisions of the HIPAA Privacy and Security rules.

Financial organizations require compliance solutions that are capable of assessing risk and managing compliance for both internal and external resources. In addition, to fully address the pain that financial institutions are experiencing with respect to compliance, solutions should be capable of measuring compliance with GLBA, PCI, and SOX.

The ControlPath solution for financial organizations provides the ability to easily assess both internal and third-party vendor risk, to apply appropriate controls, and to manage the remediation process. The ControlPath Compliance Suite automates the entire compliance and risk management process for GLBA, PCI, SOX, and related FFIEC guidelines. ControlPath has also adopted the BITS standards for assessing and managing risk from third parties. These standards, known as the Standardized Information Gathering (SIG) questionnaire and the Agreed Upon Procedures (AUP), provide a common reference for financial institutions and service providers. The integration of this technology into the ControlPath Compliance Suite provides financial organizations with a best-practices approach to vendor risk management, along with the most advanced automation capabilities.

ControlPath increases the effectiveness of financial firms' compliance efforts while dramatically reducing compliance program and associated labor costs.

http://www.bits-info.org

ControlPath Resources

International Banking Systems Journal Article on M&T Bank

Computerworld and CIO, Virtual Security Article featuring CreditFirst

M & T Bank ControlPath Case Study

Credit First National ControlPath Case Study

BITS Shared Assessments Program

Financial Industry Regulations

Financial Industry Regulators

Enterprise Management Associates: Second Generation Compliance Management Tools Deliver Automation

Bank Info Security

ControlPath Press Releases

ControlPath Signs Three Fortune 100 Firms For Its Compliance Automation Suite

ControlPath Joins BITS, First Software Provider to Integrate SIG, AUP for Financial Institutions and Service Providers

ControlPath and Borderware Partner on Compliance

FirstAdvantage Selects ControlPath Compliance Management Tools

ControlPath in the News

IIA Journal: The Benefits and Challenges of Compliance Automation

IT Business Edge: ControlPath: Still Too Much 'Work' in Compliance

Network World: Progress slow on compliance front

SOX Compliance Journal: Graphical Modeler Saves Time & Money Deploying Compliance Management Software

ControlPath Events

POWER-GEN International Competitive Power College Course

IIA Seminar - Los Angeles Chapter

ISACA Los Angeles 2008 Spring Conference

ISACA Phoenix Chapter Meeting

Copyright ControlPath, Inc. 2006-08