OBA Banking Matters Winter 2025

The Regulatory Outlook for 2025 and What That Means for Banking IT

By Brad Giddens, Director of Sales; FID, Integris, a Synergy Endorsed Partner

With a new administration coming in, 2025 promises to be a year of change. But will it significantly impact banking regulation and your bank’s cybersecurity? No one has a crystal ball, of course, but recent global outlooks [1] for the banking industry seem to point to two conclusions:

1. Banking regulation will likely loosen overall as our new president seeks to fulfill his campaign promise to lower government oversight of businesses.
2. Banking cybersecurity regulation, however, is likely to tighten as the government seeks ways to strengthen national security in the money system.

Given this, banks will spend more money in 2025 to harden their cybersecurity defenses and mature their overall operations. Our recent report reveals this sentiment: 86% of the 1,000 bank executives we interviewed said they were increasing their IT budget by more than 10% next year.

Five Ways to Stay Ahead of Banking Regulation for Cybersecurity in 2025

1. Tighten up your third-party vendor management

If the CrowdStrike outage [2] taught us anything, it’s that third-party vendors have the power to upend your business without warning. A simple failed update to CrowdStrike’s cybersecurity platform managed to snarl business operations for hours or even days at some of America’s largest banks, including Chase, Bank of America, U.S. Bank and more, costing millions in lost transactions.

Many banks have agreements with vendors about what data they’ll have access to and the overall rules of engagement. But have you thought about:

- Written agreements in your procurement process that discuss access to data, your physical locations and physical documents?
- Written protocols and statement of work that outline your vendor relationship for your employees and your vendor?
- Automated tools that track compliance metrics for your vendors and monitor their performance?
- Incident response and disaster recovery plans that kick into action if your vendor suddenly goes offline? How would your system back up in the event your vendor went dark?

Backing up operations around your third-party vendors could be an added expense that pays dividends over time.

2. Rethink your data classification

As more banks experiment with AI platforms like Copilot for M365, or data analysis tools, the need for classifying levels of access to documents and data sets has become too important to ignore. Many countries worldwide are calling for businesses to tighten up classifications around their documents as a foil to nation-state hackers or undue influence from foreign governments.

As cybersecurity rules tighten around data classification, and you’re looking to reclassify, ask yourself these questions:

- How vulnerable would we be if this document fell victim to malicious hacker activity?
- Would anyone who now has access to this document be able to exert undue influence over us or others with this information?
- Would foreign governments gain an advantage from having this information? Let this be an additional consideration for your classification levels.

Examine your protocols and get them in writing for your employees. Make document safety training a new and expanded part of your security awareness training.

3. Tighten up your physical security

When did you last review the physical security protocols for your branches, office spaces, and physical file storage? Ask yourself:

- Who has access to these spaces? How do we vet them? Is it time to upgrade the way we monitor passwords and access?
- Can we eliminate the need for physical files? Can we improve the isolation and disposal of sensitive printed documents?
- Have we fully considered what climate risks might affect our branches and offices? Has the risk increased in your area, and how will that impact your protections? Is it time to expand our insurance to include flood coverage? Do we have emergency operations plans to cover a sudden hurricane, earthquake, tornado or mudslide? Is our cyber risk insurance well positioned to cover our IT operations in these emergencies, or do we need to increase the size and scope of our policy?

Once you’ve answered these questions and upgraded your protocols and written procedures, arrange for a technical inspection of all your facilities each year to ensure adherence.
