Focus on Florida

Mobile Banking in South Florida – A Smart ‘Bet’ If You Know the Risks

by Kevin M. Levy on September 12, 2011

A recent Forrester Research report predicts that one in five U.S. adults will be using mobile banking services by 2015. As South Florida has the 2nd largest concentration of banks in the U.S. and is the 6th largest telecommunications hub in the world, many in the industry are literally “banking” on the success of mobile banking services in the South Florida market. Coupled with the exponential growth of entrepreneurs and the technology industry in South Florida, the local region is poised to develop and launch cutting-edge and hyper-responsive mobile banking services.

According to Kevin Levy, a technology law attorney for the law firm Gunster, mobile banking services are not only gaining in popularity, but they are also becoming easier. However, Levy is quick to point out that, despite the increased interest and the safeguards being built into mobile banking services, financial institutions need to remain vigilant when assessing how to implement these services because the industry has caught the attention of unscrupulous hackers.

To stay ahead of the game and protect not only their own interests, but also the interests of their customers, financial institutions interested in implementing mobile banking services need to carefully review and systematically apply the rules set forth in multiple federal regulations, including the Gramm-Leach-Bliley Act, and the related Privacy Act and Regulation P, as well as the USA PATRIOT Act, Bank Secrecy Act, various state data breach statutes and the more recent Dodd-Frank Act. These federal regulations impose strict requirements on financial institutions, including the obligation to conduct a full risk assessment, adopt and follow appropriate policies and procedures, and adapt those policies and procedures as circumstances dictate.

Levy also notes that it is critical to have a strong compliance team in place that consistently and thoroughly trains personnel on how to comply with the regulations, enforces applicable policies and procedures, and scrutinizes vendors and vendor agreements. Financial institutions need to ensure that their vendors have either a SAS 70 audit (which is being phased out) or an SSAE 16 audit. Financial institutions also need to require that outsourcing agreements with vendors include, among other terms, appropriate confidentiality, data ownership and disaster recovery provisions, and do not include overly restrictive disclaimers of warranties and limitations of liability in favor of the vendor.

For more information contact Kevin Levy.