Home > Expertise > Governance, Risk and Compliance > Banking Compliance

Guarantee your banking compliance and ensure your security

FORMIND, qualified PASSI (Prestataire d’Audit de la Sécurité des Systèmes d’Information) by ANSSI (Agence Nationale de la Sécurité des Systèmes d’Information), can help you develop your IT security and resilience, while ensuring compliance with cybersecurity regulations and standards in the banking sector.

Contact-us

73 %

In 2022, the volume of distributed denial-of-service attacks targeting financial companies jumped by 22% worldwide and 73% in Europe.
Financial Services Information Sharing and Analysis Center (FS-ISAC) report, January 2023

Cybersecurity regulations and standards reinforcement against an increasingly threatening cyber environment

To combat the exponential growth in cybercrime, IT security’s regulations and standards in the banking sector have been recently tightened.

As a result, companies in the financial sector must ensure their compliance not only with various regulations, but also with the norms and standards essential to their operations.

On the European level:

The DORA (Digital Operational Resilience Act) regulation, which financial institutions will have to comply with by January 2025, reinforces IT risk requirements, particularly in terms of resilience. This regulation also harmonizes several standards published by the European regulator (European Banking Authority) and some requirements from existing regulations for all financial institutions and their ICT (Information and Communication Technology) service providers.

The GDPR (General Data Protection Regulation) enforces obligations on companies protecting citizens’ personal information. Formind, through its offers and dedicated experts,

can help you to ensure the security of all your users’ data throughout their lifecycle.

Lastly, the PSD2 (Payment Services Directive 2) is implemented since 2018 in a fast-changing payment context with a high raise regarding frauds, and new actors : third-party payment services (TPP, Third Party Providers). Thus, its two main cybersecurity objectives are:

Systematize the use of strong authentication mechanism to assure valid user identification
Standardize and secure information exchanges by implementing APIs

On the national level:

Whether you’re an OIV (“Organisme d’Importance Vitale” – Vital Importance Organism) under the French Military Programming Law (LPM), an OSE (“Organisme de Service Essentiel” – Essential service organism) under the NIS directive, or soon to be an EI (“Entité Importante” Important entity) or EE (“Entité Essentielle” – Essential entity), Formind has a team of specialists, particularly focused on the certification process to be implemented

Requirements specific to the banking sector:

PCI-DSS (Payment Card Industry – Data Security Standard) is the data security norm for the card payment industry (Visa, Mastercard, JCB, Discover, American Express), which applies to all actors in the payment chain processing, transmitting, handling and storing card payment data.

The PCI-DSS standard, particularly in its latest version 4.0, is designed to protect not only end-users, but also all the links in the electronic payment chain, to prevent theft or loss of banking data. The PCI-DSS standard must be followed to be able to deal with card issuers: Visa, Mastercard, JCB, Discover, American Express.

The SWIFT network (Society for Worldwide Interbank Financial Telecommunication) is a secured worldwide communication infrastructure used by financial institutions to exchange financial information in a standardized way. It is the main way by which banks and other entities from financial field communicate and do worldwide transactions. Securing its infrastructure for the SWIFT network, notably through its Customer Security Program (CSP), is an essential measure to guaranty confidentiality, integrity and availability of financial transactions.

In this context, Formind can support you in all areas to ensure compliance with regulatory standards and maintain the confidence of your customers and stakeholders.

Our adaptable solutions

Formind offers you a complete range of adaptable solutions, from assessing your company’s maturity to carrying out blank audits in real-life conditions, as well as providing implementation support.

Assessing your maturity level

Contextual analysis to take into account your scope and specificities
Gap analysis and identification of remediation actions
Production of a roadmap setting out the actions to be implemented and an assessment of the associated costs.
Reporting results and managerial synthesis

Support for compliance

Definition of the governance to be implemented
Implementation support
Management and creation of monitoring and performance indicators

Blank audit

Real-life interviews
Collection and analysis of relevant evidence
Gap analysis and identification of remedial actions
Drafting of blank audit report
Reporting results and managerial synthesis

A multidisciplinary GRC team and banking experts

90 certified people dedicated to GRC issues, with multiple areas of expertise (governance, resilience, integration, risk analysis, architecture, etc.).
Auditors specialized in the banking field

Adaptable offers and clear objectives to meet your needs

Formind can provide you with tailor-made offers to meet any specific needs you may have.
Thanks to their expertise and experience, our consultants can adapt to your objectives, economic constraints, business challenges and development goals.

Putting our knowledge and experience at your disposal

Tools, methods and deliverables to accelerate our services
A global view of compliance practices and strategies in your industry

Our approach to help you achieve your goals

Our clients references

Our customer’s CISO team launched a DORA compliance project. Formind was asked to carry out the first stages of this project:

A compliance report
Definition of a compliance roadmap

As part of the SWIFT declaration, the customer wanted:

To assess his SWIFT CSCF maturity (head office and subsidiaries)
To identify strengths and areas for improvement in all entities
Action plans to remedy non-conformities
To do SWIFT declarations

Definition of PCI DSS compliance strategy
Drafting of the project’s guideline
Project management assistance and steering reporting at group level

FAQ

Do my company must comply with the DORA regulation (Digital Operational Resilience Regulation)?"

All financial institutions must comply with DORA regulations. Furthermore, if your company is a service provider in the financial sector, and these services depend on Information and Communication Technologies (ICT), then it is also subject to DORA regulations. For an accurate assessment, Formind can help you with a DORA maturity analysis.

What are “DORA Level 2” texts?

Level 2 texts are important in the context of the DORA regulation, as they plan coverage for some critical elements, including technical standards governing computer incidents and the classification of cyber threats, standards governing the notification of major computer incidents and cyber incidents to the authorities, as well as technical standards governing essential contractual provisions.

NIS 2 and DORA: which law prevail?

The DORA regulation stipulates that it constitutes the “lex specialis” of NIS2. This means that DORA is a specific regulation which takes precedence over the more general NIS2 directive.

What does the principle of proportionality imply?

The principle of proportionality implies that financial institutions should apply IT risk management requirements considering their size, overall risk profile, as well as the nature, scope, and complexity of their services, activities, and operations.

Let's stay in touch

Our experts can provide you with ongoing support for your cyber issues. Do you have a question? You’ve come to the right place, and we’ll get back to you within 24 hours!