Blog

Non-compliance creates significant risk with mobile banking products

August 8, 2013 by Kevin Christensen — Vice President, Audit, SHAZAM

This post continues a series on risk assessment for mobile banking apps.

Regulations on mobile-banking products, services, and practices continue to evolve alongside the technology that supports these next-generation solutions. Keeping up to date on the rules and requirements is imperative for financial institutions that are entering the brave new world of mobile.

Mobile Threat No. 10: Mobile banking not in compliance

Not meeting the letter of the law not only subjects your FI to the risk of regulatory scrutiny and possible fines, but also undermines your customers' confidence in your ability to adequately and fairly provide the latest technology.

To lessen the risk:

As you select vendor partners and technology providers to work with you in the execution of your mobile strategy, ask them the tough questions:

Does your information security program comply with the Gramm-Leach-Bliley Act?
Are the proper disclosures and notifications accessible to users, and are updates easily communicated and accepted by users?
If credit information is available, does the system comply with the Truth in Lending Act (Regulation Z)?

In addition to getting the answers to questions like this, be sure you have a compliance team (or an individual assigned to compliance) in place to keep track of changing regulations that may affect your mobile-banking application.

Be aware that regulations can be tricky; while they may not seem to have bearing on a mobile app specifically, there can be an indirect impact that could land you in hot water if you're not aware and in compliance by the stated deadline.

Next time, we'll discuss the risks posed by malware on mobile devices.

Read more about mobile banking.