

Compliance on the Cloud 101

What is Compliance?

Compliance can be a real issue for organizations that use cloud storage or backup services. When you transfer data from your internal storage to a cloud provider's, you must examine how that data is stored so that you stay in compliance with the laws and regulations that apply to you. Financial cloud computing, for example, requires IT SOX compliance to ensure quality of service.

In 2002 the Sarbanes-Oxley Act (SOX) was implemented as a response to huge accounting scandals. Companies like Enron, Global Crossing and others misled investors and cost shareholders billions of dollars. This, in turn, changed the IT world forever. What does this have to do with IT? It changed how we approach things like storage, data, security and other functions. 

Cloud compliance is, simply put, the principle that a cloud-based system must meet the same standards that the cloud customer itself is held to.

Compliance departments ensure that businesses conform to established rules and it’s important to understand, when switching over to a cloud service, how and in what ways the cloud meets compliance standards. Luckily, there are cloud providers that ensure compliance with regulations like SOX. 

If you’re in the financial services industry there are a few things to think about when considering an IT solutions cloud provider. 

How Compliance Works 

A global survey conducted by Veritas Technologies, a data management company, revealed that of the 13 countries and 1,200 businesses surveyed, 69 percent of organizations or 828, wrongfully believed that data protection, data privacy and compliance are the responsibility of the cloud service provider.

It isn’t.

When it comes to cloud compliance you need to be aware of which data you should move to the cloud and which data should remain in house, the questions you need to ask of your cloud provider, and what should be written into a service-level agreement (SLA) to maintain industry compliance.

When SOX was first written, it deliberately left out how its requirements should be met. This ensured that industries could adopt the most recent technology instead of having to wait for lawmakers to catch up. Because of this, the cloud is a viable infrastructure for financial companies that are required to adhere to compliance rules.

The way IT departments store records changed with the implementation of SOX. The regulations state what kinds of information must be retained for SOX compliance. Things like electronic records and messages, spreadsheets and emails are considered valuable and fall under the regulation.

It's important that you not take this for granted, and that you evaluate your SLAs with the provider.

The first thing that organizations need to do is be aware of the type of services they use. There may be certain information that’s regarded as highly confidential and a company may decide to keep it on an internal network. Or if it is moved to the cloud, it’ll be a private cloud that will be hosted on the premises.

Nerds Support has a hybrid cloud in a secure location that has military grade security.

Ensuring Cloud Compliance 

Once your company has decided what information is to be transferred to the cloud, look at the contracts you have with your cloud provider. Depending on whether the cloud is internal or external, the approach will be slightly different. If it's external, you have to make sure both you and the provider are clear about what type of data should reside on their cloud services and how they'll protect that data. If it's an internal cloud, will you have an internal compliance checklist to make sure you're within the regulatory standards?

With cloud financial services, customers and cloud providers share the responsibility to maintain compliance. It’s the duty of the organization to investigate the security policies of the vendor. 

Important questions to ask include: 

  • Where is data stored?
  • Who has access to the storage areas or data centers?
  • How is my data protected?


Service Organization Controls 

In some cases, companies can look at providers that certify compliance and choose their services without any further research. There are times, however, when a company will have to be more thorough and get involved in the cloud provider's security to make sure it complies with industry standards. When it comes to SOX compliance, you should look for a vendor that provides you with a Service Organization Controls (SOC) report.

This report enables the user auditor to evaluate the audit risks associated with the use of a financial cloud provider.

It's also important to establish and verify benchmarks that help check the effectiveness of the security around your data in the cloud. Make sure your provider follows federal government guidelines for cloud security if it's based in the US.

In order to avoid miscommunications between your cloud provider and your organization, make sure you take the time to classify the data in level of importance, delegating carefully what is suitable for the cloud and what needs to remain internally stored. Have the right contracts and go through them, establishing what will be covered under their services and how they’ll protect and back up your data. A business continuity plan is also imperative, just in case of any hiccups.

Nerds Support has cloud services that comply with financial regulations.

Contact us today to schedule a free IT assessment that can identify gaps in your IT infrastructure.


How Financial Firms Can Digitize & Stay Competitive

Financial organizations are using financial cloud computing technologies to remain competitive as new research reveals banking and finance are becoming more dependent on emerging technology.  

Early on, cloud technology was adopted by small start-ups that had no legacy architecture in place and lacked the resources to build their own on-site IT. Now, larger institutions are moving to the cloud as well. Financial cloud computing stems from the growth of modern cloud providers, which offer better security, compliance controls and privacy features. Furthermore, a modern cloud provider can automate many of the manual tasks that could put companies at risk if done improperly. Companies use the cloud to meet compliance and cybersecurity standards.

Although the transition to the cloud requires upfront investment, for many financial firms the change means more than cutting costs.

Changing Demographic & Tech

56 million Millennials (ages 23-37) were working or looking for work in 2017, according to the Pew Research Center, making them the largest portion of the U.S. labor force. This means Millennials are becoming the largest drivers of the economy. Millennials are on average more technologically savvy than previous generations and have driven growth towards a more digital economy.

Banks and other financial institutions must adapt to account for this new trend. Digital banking users have increased from 26% to 51% between the years 2012 and 2017, according to the U.S. Federal Reserve. Consumers are banking digitally, meaning through desktops, laptops, tablets and smartphones.

82% of consumers ages 18-24 were using mobile banking platforms in 2017, indicating a shift towards a more personalized banking experience. They also want to sign up for banking services without needing to visit a physical branch.  


The Rise of Mobile Banking

Based on a 2018 survey, PwC, a professional services firm, found that mobile users grew from 10% in 2017 to 15% in 2018. This means mobile banking is becoming more popular as time passes. Taking all of these statistics into account, banks should adjust their priorities towards increasing and personalizing digital banking services. There is growing competitive pressure from companies like Alibaba and financial start-ups to go digital, both in how companies function and in how they engage with customers. The goal is to make banking services available to people in remote locations who may otherwise be unable to reach a local branch.

Digitalization 

Digitalization is also far less expensive than banking in a traditional brick-and-mortar branch. PwC's report titled Bank of the future: Finding the right path to digital transformation mentions how some banks create fully digital-native banks with an entirely digital customer interface and back end.

The report also says that branch transactions cost about $4 each, while online transactions cost $0.09 and mobile transactions cost $0.19. Automation is the biggest growth channel for many businesses across the board.

Going digital makes banks more agile as well. It allows them to quickly adapt to changing customer trends and tastes. Going digital also provides a testing ground for new services and products where a bank would otherwise have to commit to a strategy and hope it's successful.

Financial Cloud Computing 

It’s possible to use modern IT infrastructure to set up a digital bank using third party architecture, also known as cloud services or cloud computing. In other words, one can set up an entirely digital bank without the need for internal IT, which would be a huge financial barrier. Instead, one may outsource hardware, software and maintenance to a cloud provider, further decreasing costs and risks.

The true benefits of the cloud appear as teams use these features to operate in more dynamic, agile and efficient ways. The cloud uses virtual machines, software-defined computers, to share and distribute new projects across platforms and devices.

The main reasons companies are adopting the cloud are to improve mobile access and collaboration. Collaboration services improve workplace efficiency and communication, and overall improve the bottom line. Companies that migrated to the cloud experienced 19.3 percent faster growth than those that hadn't.

Furthermore, the average financial services firm uses 1,004 different cloud services, according to a study by Skyhigh. The survey covered 3.7 million finance employees across more than 14,000 cloud services. The report was anonymous and tracked the usage data of employees at banks, insurance companies, investment firms and similar institutions. The fastest growing cloud service category in the industry is collaboration, which includes programs like Microsoft Office, Gmail and Evernote.

Security & Compliance: IT Solutions for Finance

While this might sound exciting, it means nothing in an industry as heavily regulated as finance. Less than 0.1 percent of financial firms using the cloud meet compliance requirements and security standards. IT solutions for financial institutions are subject to human error as it is, and many cloud providers lack the experience and expertise to help manage the highly sensitive data financial institutions must keep secure for their clients. Choosing the wrong provider could mean failure to comply with PCI DSS, SOX and GLBA standards. This means looking for a provider that specializes in high-end security and complies with these regulations with extreme care. A cloud provider that you can trust means a firm your clients can trust as well.

A secure cloud means not only compliance, but proactive, preventative IT solutions built for financial firms specifically. Even secure cloud services pose a risk. An attacker can gain access to data stored in the cloud using login credentials obtained through targeted social engineering or malware. It's common for users to rely on the same passwords across multiple online accounts: 31 percent of people reuse the same passwords, according to a University of Cambridge study.

Multi-factor Authentication

An attacker who gains access to an employee's Instagram or Twitter account could reuse those credentials to log in to other cloud accounts. Look for a cloud service with multi-factor authentication; this decreases the likelihood of that happening. With a multi-factor authentication process, even if a password were obtained, the employee would receive a notification on their mobile device requesting authorization. If authorization isn't given through the device, the user cannot gain access.

Some cloud service providers, like Nerds Support, use programs that require users to change their passwords every month, further decreasing the chances of a breach. The same Cambridge study also revealed that users rely on the same 20 unsecured passwords as login credentials. Changing passwords periodically forces the user to create new and distinct login credentials. Highly trained systems engineers can provide further insight into crafting strong passwords that are inaccessible to anyone except the user.

 

Nerds Support has 17+ years of experience helping financial institutions digitalize while meeting their IT compliance requirements.

Do What’s Best for Your Firm

It's important to understand that digitizing everything is not necessarily the best option. Each bank is different and has different strengths and core capabilities. You might not be in a position for a full digital overhaul.

To succeed in digitizing where others fail, define and evaluate your long-term strategy. PwC suggests you consider these questions:

  • What do we want to be known for?
  • What consumer segments are we targeting?
  • What are our core capabilities and how can a digital strategy strengthen them?

Many industries are also on the way towards digitization in order to appeal to Millennials and the Gen Z cohort following behind them. This also means that adopting a digital infrastructure is going to be pivotal in business-to-business (B2B) interactions.

Having outdated or incompatible business models may become a deterrent to the industries you want to serve; conversely, an updated, innovative structure may appeal to start-ups or bigger companies that are looking to change and want to work with institutions they feel will help them achieve their goals.

Contact Nerds Support today for a complimentary IT assessment where we identify gaps and areas of opportunities in your IT infrastructure.

Transform your team into an agile, lean, modern work environment with Nerds Support’s IT Solutions.


Regulatory Compliance: Compliance is Everything

The Need For Regulatory Compliance

Regulatory compliance is a dull subject. Yet if your financial institution or business ignores it, or isn't aware of it, it can cause serious problems.

Regulatory compliance ensures organizations follow state and federal law, as well as federal standards and procedures. That may sound simple enough, but considering the variety of mandated regulations like HIPAA, SOX and PCI DSS, falling out of compliance happens fairly frequently. If that happens, you’re looking at possible audits, federal fines, even public scrutiny and negative attention that comes with an investigation. In a time where social media shapes perception, a company cannot risk losing business because of their reputation.

The reality is that failing to maintain regulatory compliance leads only to significant revenue loss for your organization, or worse.

Penalties for violating SOX compliance standards, for example, can include fines in the millions of dollars, delisting from the public stock exchange and even years in prison. That is why compliance is often the focus of an organization's security program.

Regulatory Compliance Isn’t Easy But…

While there are different types of compliance regulations for different industries, the three largest are HIPAA, SOX and PCI DSS. Your particular organization might need to comply with one or all three. Whatever the case may be, it's important to familiarize yourself with the specifics of the regulations that apply to you. That said, it's possible to think you are taking the necessary measures to ensure compliance and still be in violation of one or more regulations, unintentionally or unknowingly.

Some of the reasons for this include referencing outdated material, new or updated wording of rules replacing the old, and misunderstandings about how these laws are interpreted by the various enforcement agencies.

Furthermore, these regulations are constantly changing and keeping track of all the minute alterations can take time and energy better used on other business related goals.

 

Cloud Compliance

Cloud computing for banking and investment services involves a lot of data, and even the processing of that data has to meet regulatory benchmarks. Among these benchmarks are data localization laws. Cloud compliance simply means that a cloud service provider is meeting the regulatory standards required of its clients.

Understanding data localization is important for financial cloud compliance. It should not be confused with data sovereignty. Data localization laws require personal data to be handled within a specific territory rather than wherever the cloud provider chooses, and laws in different countries often differ on this. Here are some financial tech support requirements you need to verify with any potential cloud provider.

SOX Compliance

SOX requires the following to be benchmarked, audited and monitored regularly, specifically under sections 302, 404 and 409:
• Information access
• Internal controls
• Database activity
• Account activity
• User activity
• Network activity
• Login activity

IT Security:

The Gramm-Leach-Bliley (GLB) Act requires companies legally defined as "financial institutions" to ensure the security and confidentiality of sensitive client information. IT security is therefore an essential requirement for everyone in the financial services industry. Given the nature of the data a financial organization possesses, there are serious repercussions for shirking this responsibility.

Make sure the right controls are installed to avoid data breaches and you have the tools ready to alleviate any issues if they occur. Investing in services that monitor and protect your financial database is essential to complying with regulation.

Data Backup:

Always keep backup systems to protect your sensitive data. Both data centers and on-site IT infrastructure are subject to the same SOX compliance requirements. Finance IT solutions are about security as well as support.

Access Controls:

This covers both the electronic and the physical systems put in place to stop unauthorized users from viewing sensitive financial information. Part of this is adopting effective security measures such as implementing multi-factor authentication and keeping servers or data centers in secure locations.

What Can You Do?

Since you are in the best position to look after your business's affairs, you should familiarize yourself with the most recent regulatory compliance information. Knowing as much as possible about the nuances of regulatory mandates prepares you to understand the regulations that apply to you. Moreover, you can use this information to stay updated on any changes and plan accordingly.

You should then adopt IT solutions for finance that are in complete compliance with industry standards. That means finding cloud financial support with expert knowledge on regulation and compliance.

You should try to find an organization that creates a customized infrastructure that serves your specific requirements. Additionally, it should take into consideration all the standards mentioned previously: HIPAA, SOX and PCI DSS.

For more information on compliance standards and compatible IT solutions, visit our website or call us at (305) 551-2009 and we'll answer any questions or inquiries you might have.


Are You an Accountant? What You Should Know About SOX Compliance

Background & History of SOX

The Sarbanes-Oxley Act (SOX) of 2002 came about largely because of the national attention surrounding several financial and accounting scandals at major corporations in the early-to-mid 2000s. Corporations such as Enron, Tyco International, AIG, Adelphia, Peregrine Systems and WorldCom were discovered to have executives who falsified accounting records, either to secretly steal money for themselves or to disguise declining company earnings and thereby keep stock prices artificially high.

Because of this, most of these corporations either failed or were sold off, leaving thousands unemployed and billions of dollars lost in their wake.

As a result, Congressmen Paul Sarbanes, D-Md., and Michael Oxley, R-Ohio, joined forces to create the SOX Act, establishing an enforcement mechanism with the goal of protecting shareholders and the general public from accounting errors and fraudulent practices in the enterprise, as well as improving the accuracy of corporate disclosures.

The Act became law on July 30, 2002 and is named after Sarbanes and Oxley, who sponsored it. The Act set deadlines for meeting compliance and established its requirements. Congressmen Michael Oxley and Paul Sarbanes drafted the Act to create more accountability in the corporate sector.


Effects & Benefits

The Public Company Accounting Oversight Board was created by SOX and sets specific standards for audit reports. It requires all auditors of public companies to register with it. It also prohibits accounting firms from doing business consulting for the companies they audit, although they can still act as tax consultants.

SOX compliance is both a legal obligation and an effective business practice. Although companies should behave ethically without the need for such standards, implementing SOX has the added benefit of protecting a company from cyberattacks such as malware and ransomware, and SOX compliance includes many of the practices found in any data security plan.

There are many elements of SOX compliance, with all of which Nerds Support is well familiar.


A Brief Overview of the Major Elements of SOX Compliance

● Public Company Accounting Oversight Board (PCAOB)

– Provides independent oversight of public accounting firms providing audit services, as well as enforcing registration of auditors, defining the specific processes and procedures for compliance audits, inspecting and policing conduct and quality control, and enforcing compliance with the specific mandates of SOX.

● Auditor Independence

– Establishes standards for external auditor independence to limit conflicts of interest, as well as addressing new auditor approval requirements, audit partner rotation, and auditor reporting requirements.

● Corporate Responsibility

– Mandates that senior executives take individual responsibility for accuracy and completeness of all corporate financial reports.

● Enhanced Financial Disclosures

– Sets enhanced reporting requirements for financial transactions, as well as requiring internal controls for assuring the accuracy of financial reports and disclosures.

● Analyst Conflicts of Interest

– Includes measures designed to help restore investor confidence in the reporting of securities analysts.

● Commission Resources and Authority

– Defines practices to restore investor trust in securities analysts, and defines the SEC's authority to censure or bar securities professionals from practice.

● Studies and Reports

– Requires the Comptroller General and the SEC to perform various studies and report their findings.

● Corporate and Criminal Fraud Accountability

– Describes detailed criminal penalties for altering or destroying financial records, also including any other interference with investigations, all the while providing certain protections for informants.

● White Collar Crime Penalty Enhancement

– Increases the criminal penalties associated with white-collar crimes and conspiracies.

● Corporate Tax Returns

– States the Chief Executive Officer must sign company tax returns.

● Corporate Fraud Accountability

– Identifies corporate fraud and records tampering as criminal offenses and lists specific penalties for such offenses. The SOX Act contains several specific, severe consequences for violations of any part of the Act.

 

Penalties for not complying with SOX can include fines, removal from the public stock exchange, and more. CEOs and CFOs who knowingly submit an incorrect certification to an audit face up to 20 years in jail and $5 million in fines.

How certain are you that your organization is operating within strict SOX compliance? With Nerds Support, you’re just a call away. Our Miami IT Solutions team is ready to help you tackle all your IT needs. With over 17 years of experience in helping leaders in the accounting industry we know how to help you succeed.