Document security for improved compliance
Finally, years after the global financial crisis and the new regulations and consumer mistrust it produced, banks are looking at forecasts of increased consumer and commercial lending activity. However, their inefficient, slow and error-prone paper-based loan origination processes could leave many of them at a competitive disadvantage and create a compliance hazard.
According to a global study by IDC, 37% of document processes in financial services are still driven by paper. Transforming loan origination to eliminate the delays, errors and costs of paper and manual processes will be critical to any bank’s ability to compete for, win, satisfy and retain customers.
However, the multifunction printers (MFPs), mobile phones and tablets that will be important tools in streamlining loan origination are points of vulnerability that could leave banks out of compliance with regulatory requirements. Customers’ non-public information (NPI) and personally identifiable information (PII) are at risk every time a loan-related document or form is created, scanned, copied, printed, faxed or emailed.
To strengthen their competitive position, banks need to replace manual processes with automated document capture and distribution that eliminates the drag and expense of paper, enhances document security and improves regulatory compliance.
Compliance and Security Challenge
Strengthening and simplifying regulatory compliance is a key reason for banks to speed up loan origination. Laws such as Gramm-Leach-Bliley, Dodd-Frank and Sarbanes-Oxley require financial institutions to identify reasonably foreseeable internal and external threats that could result in unauthorized disclosure, misuse, alteration or destruction of customer information or customer information systems.
These laws also require banks to implement administrative, technical and physical safeguards to protect the security, integrity and confidentiality of customers’ NPI and PII. Penalties for non-compliance include monetary fines against the institution, officers and directors, with possible imprisonment for the most serious criminal violations.
The problem for bank chief information officers and compliance officers is that security vulnerabilities and potential compliance breaches exist at every information touch point. While an automated loan origination process eliminates unnecessary production and improves distribution of loan documents, the only way documents containing NPI or PII can be scanned, copied, printed, emailed or faxed within regulatory compliance is under a system incorporating technological security and authentication. Here are our suggestions for important pillars to maintain such a system:
Authorization. Password- or smartcard-based authentication ensures that only authorized staff can access specific devices, network applications and resources. Network authentication is seamlessly integrated with document workflow, ensuring optimal security.
Authentication. User credentials must be verified at the capture device, by providing identification or by swiping a smartcard, before users can access documents containing customer information. Once users are authenticated, the system needs to apply rules and permissions to control what users can do on an MFP. Controls include redacting documents that contain NPI or PII, or even prohibiting them from being printed, faxed or emailed.
Encryption. Communications between MFPs and mobile devices, the server and allowed destinations must be encrypted to ensure documents are only visible to users with proper authorization.
File Destination Control. Simultaneous monitoring and auditing of information in documents ensures proper management before the information ever gets to its intended destination. The system needs to maintain a complete audit trail that captures all MFP and document activity.
Content Filtering. Automatic enforcement of security policies proactively prevents NPI or PII from leaving the bank by filtering outbound communications and intercepting documents headed to unauthorized destinations.
Secure Output. When documents need to be printed, print management capabilities can prevent exposure of customer information by holding print jobs in a secure print queue and not outputting them until the bank employee signs in at the printer and selects the specific documents to output.
These capabilities need to be extended with the same level of security to mobile devices, allowing bankers to create, receive, access, route and output documents from smartphones and tablets. Secure completion of forms on mobile devices, including electronic and digital signatures, helps to eliminate the need for paper.