In the event of a security incident, our Rapid Response Force is available 24/7.
FORMIND, qualified PASSI (Prestataire d’Audit de la Sécurité des Systèmes d’Information) by ANSSI (Agence Nationale de la Sécurité des Systèmes d’Information), can help you develop your IT security and resilience, while ensuring compliance with cybersecurity regulations and standards in the banking sector.
73 %
In 2022, the volume of distributed denial-of-service attacks targeting financial companies jumped by 22% worldwide and 73% in Europe.
Financial Services Information Sharing and Analysis Center (FS-ISAC) report, January 2023
To counter the rapid growth in cybercrime, IT security regulations and standards applicable to the banking sector have recently been tightened.
As a result, companies in the financial sector must ensure compliance not only with a range of regulations, but also with the norms and standards that their operations depend on.
On the European level:
The DORA (Digital Operational Resilience Act) regulation, which financial entities must comply with from 17 January 2025, reinforces ICT risk management requirements, particularly in terms of operational resilience and testing. It also harmonizes several guidelines previously issued by the European supervisory authorities (notably the European Banking Authority) and requirements scattered across existing regulations, and applies them to all in-scope financial entities and their ICT (Information and Communication Technology) third-party service providers.
The GDPR (General Data Protection Regulation) imposes obligations on any company that processes the personal data of EU residents. Formind, through its offers and dedicated experts, can help you secure your users' data throughout its lifecycle, from collection to deletion.
Lastly, the PSD2 (Payment Services Directive 2), in force since 2018, was introduced in a fast-changing payment landscape marked by a sharp rise in fraud and by the arrival of new actors, the third-party payment service providers (TPPs, Third Party Providers). Its two main cybersecurity objectives are therefore:
On the national level:
Whether you are an OIV (Opérateur d'Importance Vitale, operator of vital importance) under the French Military Programming Law (LPM), an OSE (Opérateur de Services Essentiels, operator of essential services) under the NIS directive, or about to become an EI (Entité Importante, important entity) or EE (Entité Essentielle, essential entity) under NIS2, Formind has a team of specialists, particularly focused on the certification process to be implemented
Requirements specific to the banking sector:
PCI-DSS (Payment Card Industry Data Security Standard) is the data security standard of the card payment industry (Visa, Mastercard, JCB, Discover, American Express). It applies to every actor in the payment chain that processes, transmits, handles or stores cardholder data.
The PCI-DSS standard, particularly in its latest version 4.0, is designed to protect not only cardholders but every link in the electronic payment chain against the theft or loss of card data. Compliance with PCI-DSS is a contractual condition for doing business with the card brands: Visa, Mastercard, JCB, Discover and American Express.
The SWIFT network (Society for Worldwide Interbank Financial Telecommunication) is a secure worldwide messaging infrastructure used by financial institutions to exchange financial information in a standardized format. It is the main channel through which banks and other financial entities communicate and settle cross-border transactions. Securing each member's local SWIFT infrastructure, notably by complying with SWIFT's Customer Security Programme (CSP) and its Customer Security Controls Framework (CSCF), against which every user must attest annually, is essential to guarantee the confidentiality, integrity and availability of financial transactions.
In this context, Formind can support you across all these areas, to ensure compliance with regulatory requirements and to maintain the confidence of your customers and stakeholders.
Formind offers a complete range of adaptable services, from assessing your organization's maturity to conducting mock audits under real-life conditions, as well as supporting implementation of the required controls.
A multidisciplinary GRC team and banking experts
Adaptable offers and clear objectives to meet your needs
Putting our knowledge and experience at your disposal
Does my company have to comply with the DORA regulation (Digital Operational Resilience Act)?
All financial entities within DORA's scope must comply with it. Furthermore, if your company provides ICT (Information and Communication Technology) services to the financial sector, it is also affected: directly if it is designated as a critical ICT third-party service provider, and otherwise through the contractual requirements that its financial-sector customers are obliged to impose on it. For an accurate assessment, Formind can help you with a DORA maturity analysis.
What are “DORA Level 2” texts?
Level 2 texts (the regulatory and implementing technical standards that supplement DORA) are important because they specify several critical elements of the regulation, including the criteria for classifying ICT-related incidents and cyber threats, the content and timelines for reporting major ICT-related incidents to the competent authorities, and the key contractual provisions that must appear in agreements with ICT service providers.
NIS2 and DORA: which one prevails?
The DORA regulation states that it constitutes the lex specialis relative to NIS2. This means that, for financial entities covered by DORA, its sector-specific provisions take precedence over the more general requirements of the NIS2 directive.
What does the principle of proportionality imply?
The principle of proportionality means that financial entities apply the ICT risk management requirements in a way that reflects their size, overall risk profile, and the nature, scale and complexity of their services, activities and operations.
Our experts can provide you with ongoing support for your cyber issues. Do you have a question? You’ve come to the right place, and we’ll get back to you within 24 hours!