The professional services network PricewaterhouseCoopers (PwC) today announced that it will be introducing new safety regulations to re-establish the confidence of investors and clients in the stability of the financial sector.
The pressure for tighter regulations has been cited as the effect of an increasing demand of quality and secure online services after the financial crisis of 2008. New regulations will include better management of the safety of online payments and the protection of personal data.
"These new national and European regulations are not just a matter of IT, but will have a significant impact on IT services. The IT people and 'Security Officers' responsible must keep abreast of the changes to come, in order to anticipate and incorporate them into their plan of action," explained Vincent Villers, partner and IT Risk and Security Leader at PwC Luxembourg.
At a conference held late last week, more than forty Chief Information Officers and system security managers, PwC experts put forward an inventory of the proposed two-part changes.
The first of these changes involved the system of secure online payment transactions, which the company indicated as an essential component in the exchange of goods and services and as a potential loss to customer confidence if cases of credit card fraud were not prevented. This will be remedied by Article 15/603 of the CSSF, which will require payment service providers to implement and strengthen risk assessment and security measures, such as the procedure for identifying and authenticating customers, so that clientele will be better protected against fraud.
The second part of the programme will initiate a reform of EU legal framework to protect personal data. This further proposal will reinforce the rights of the people involved but faces the challenge of globalisation and new technologies.
"The new directive on data protection will benefit businesses. But it will also bring its share of challenges. Businesses will have to prepare and put compliance programmes into place, whilst at the same time controlling their costs, as soon as the new law comes into effect," noted Sami El Euch, Director at PwC Luxembourg.
However, the reason for collecting this data and their subsequent use has been said to change from company to company, with each business required to address the impacts the future law will have on its organisation and formulate a programme to which it would be able to adhere.
With the adoption of the bill expected in 2016, and its implementation in 2018, each company is expected to use the time available until the law is enforced to assess the form of data it collects, the manner in which this information is employed, and the level of protection subsequently required.
It is expected that these motions, in conjunction with the adoption of risk management measures and the reporting of serious incidents to competent national authorities, will reaffirm public confidence in the relevant corporations.
Photo Credit: PwC (L-R: Florian Bewig (Director), Vincent Villers (Partner, IT Risk et Security Leader), Vivien Bilquez (Manager), Sami El Euch (Director) )
