Understanding the 2021 financial services regulatory environment


An introduction to the compliance and regulatory environment for Australian banking, credit lending, insurance and superannuation providers operating in global markets.


The 2021 regulatory environment

Financial services is one of the most regulated industries when it comes to cybersecurity, consumer protection, and the technology that keeps it all moving.

That regulation reflects the significance of the sector to the Australian economy [1]; financial services are critical to a national post-pandemic recovery.
For regulated entities, compliance with industry regulations is more than staying on the right side of the law.

Across banking, credit lending, insurance and superannuation, Harbour IT’s in-house Governance and Compliance team supports 30+ financial services clients in managing their IT environment to protect data, customers and reputation.

Trust the financial services compliance and performance specialists aligned with APRA, ASIC, ISO 27001, ACSC Essential 8 and regulations like the Payment Card Industry Data Security Standard (PCI DSS).

Is your IT stack leaving you vulnerable or protected?

[1] https://www.pwc.com.au/financial-services/pwc-where-next-for-financial-services.pdf

Snapshot: Australian financial sector

Australia's financial services sector is the largest contributor to the national economy [2]

Directly employs ~450,000 people [3]
Market size: $196bn [4]
Businesses: 49,661 [5]
Cyberattacks on the Australian financial system are rated as a substantial risk [6]

How we’re supporting leading financial services brands

Pepper Money: “In our industry, security is more than an expectation – it’s the ticket to the game.”

“Harbour IT has played a crucial role in ensuring we can continue to stand in front of customers, brokers and investors and demonstrate that we take security, risk and compliance very seriously.

Our mission is to help people succeed. This is the view we have taken for the past 20 years and will continue to take with us into the future.”

Jeremy Francis, CIO, Pepper Money

Unity Bank: “We’ve relied on Harbour IT throughout to help us maintain our operations.”

“APRA not only expect you will make sure you maintain software, they also expect you to be looking for continuous improvement and economies of scale using technology.

Even if the regulator wasn’t there, we can’t operate on end-of-life software because it’s no longer secure.”

David Willcox, CIO, Unity Bank

Business-critical compliance driving change

Whether you're a bank, credit lender, insurance provider or superannuation fund, being part of a regulated industry demands attention to compliance standards set by a range of regulators. Here’s a snapshot of the key regulations, regulators and compliance obligations for Australian financial services.

The Australian Prudential Regulation Authority (APRA) publishes a cross-industry prudential standard for the management of information security, including information assets managed by third-party providers.

Who needs to comply:

APRA-regulated entities including banks, credit lenders, insurers, and superannuation funds

The Australian Securities and Investments Commission (ASIC) has regulatory powers over corporations, managed investment schemes, the financial services industry, and credit activities under Commonwealth laws including the Corporations Act 2001 (Corporations Act), the Australian Securities and Investments Commission Act 2001 (ASIC Act) and the National Consumer Credit Protection Act 2009 (National Credit Act).

Who needs to comply:

corporations and companies specified under the Acts

Developed by the Australian Cyber Security Centre (ACSC), the Essential 8 is a series of prioritised baseline strategies to mitigate cyber security incidents, customised according to organisational maturity and risk profile.

Who needs to comply:

companies operating under a condition of Essential 8 compliance, and companies who want best-practice compliance and security

Global organisations of any size can choose to be certified to ISO/IEC 27001. The Standard provides requirements for an information security management system (ISMS) and delivers best-practice benefits as well as securing your reputation for compliance and security.

Who needs to comply:

not compulsory - companies who want best-practice compliance and security

The General Data Protection Regulation (GDPR) is an EU data privacy and security law for global organisations. Penalties apply for companies who breach specific privacy and security standards.

Who needs to comply:

companies who collect data, supply goods and services, or monitor individual behaviour in the EU. Different compliance applies based on being a data controller or data processor

Developed by the American Institute of CPAs (AICPA), SOC 2 is an auditing procedure for secure data management that protects the privacy of your organisation and your customers; you may apply it to your suppliers, or be asked to meet it as part of your own contracts. The framework uses five trust service principles for managing customer data: security, availability, processing integrity, confidentiality and privacy.

Who needs to comply:

SOC 2 compliance is not a legal or regulatory requirement in Australia, but it is a security compliance expectation for most companies storing client information in the cloud

The PCI Security Standards Council (PCI SSC) is a global forum founded by key payment industry stakeholders. The Council’s standards for safe worldwide payments fall under 6 key goals:

  • Build and maintain a secure network
  • Protect cardholder data
  • Maintain a vulnerability management program
  • Implement strong access control measures
  • Regularly monitor and test networks
  • Maintain an information security policy

Who needs to comply:

companies operating under a condition of PCI DSS compliance, and companies who want best-practice compliance and security

Your top 3 financial imperatives

Secure compliance: win the race to keep up with regulatory change

  • Stay compliant with evolving regulations and get there faster than your competitors
  • Partner with IT specialists to manage complexity and costs
  • Manage your legal and commercial risks - including valid accreditations

Resilience and trust: optimise operations in a challenging environment

  • Adopt a customer-first mindset and pull in feedback across channels on what customers want beyond compliance
  • Work with your own teams to solve challenges and find opportunities in change
  • Use your security protections and profile to build trust and brand advocacy

Transformation: delivery of agile, secure customer experiences

  • Stay focused on growth and transformation through change
  • Identify and simplify gaps or friction in the customer experience
  • Prioritise security of customer connections - compliance trumps convenience

Where are the key risks?

In a digital-first world, consumer expectations for both service and security are higher than ever. Using compliant systems empowers your team to create change - and keep up with the modern finance customer.

  • Maintaining cybersecurity standards as business models change
  • Lack of employee awareness of ransomware, phishing and account compromise
  • Leveraging technology like AI and low-code platforms to meet demands for digital transformation

Harnessing the opportunities of financial sector challenges

Banking
Challenge: Meeting customer needs in a challenging operating environment
Opportunity: Deliver online and mobile services using smarter tech infrastructure

Superannuation
Challenge: Higher member engagement via early access schemes
Opportunity: Seamless and flexible super access and choice of products and services

Insurance
Challenge: Changing perceptions on what coverage is needed
Opportunity: Harness higher consumer engagement to promote smart policies

Credit lending
Challenge: Keeping up with evolving cybersecurity regulations
Opportunity: Simplify compliance with trusted IT partners

How the right IT helps you grow

Integrated systems to boost internal security efficiency

Better data asset management and analysis to pinpoint opportunities for growth

Simplified compliance to reduce your risk profile

Responsive to evolving threats to shut down sophisticated attacks

Meet customer expectations for privacy, payments and services

Empower your people and your customers to safely use mobile technologies

Secure cross-border data exchanges for global reach

Seamless IT builds trust that your brand is compliant

Finance tech stack solutions

Balance business goals with compliance and performance: Harbour IT professional services consultancy

Our experienced engineers have delivered secure, compliant and high performance IT environments for hundreds of regulated Australian businesses, creating comprehensive, end-to-end solutions that align with customer and staff needs and broader business goals.

CloudMetro: Secure and Powerful Private Cloud

CloudMetro powers rich customer experiences and performance without compromising compliance, data protection, or security. Performance meets protection with Australia’s next generation private cloud - purpose built for highly regulated industries like financial services.

  • PCI compliance – meet governance and compliance needs
  • 27001 certification – swap risk for peace of mind
  • APRA prudential guidelines – free up time, talent and budgets
  • GDPR aligned – best practice customer data management
  • Annual certification audits – stay ahead of the pack

CloudMetro technology is supported by Cisco

High performance hybrid cloud

Our own CloudMetro combines with Azure Public Cloud to deliver a high performing hybrid cloud environment that you can manage through our intuitive Cloud Management Platform; workloads and applications sit in the right environment to meet data, business performance, and protection requirements.

Endpoint Security Services

Secure Endpoint Services detect, provision, deploy, update, and troubleshoot your organisation’s endpoint devices — as part of a multi-layered security strategy.

Security Information and Event Management (SIEM)

Security Information and Event Management (SIEM) provides a unified view of your security profile and supports compliance, privacy and productivity through defence from malicious attacks.

Vulnerability Management as a Service (VMaaS)

Vulnerability Management as a Service (VMaaS) supports organisations facing data management risks who want control of their IT attack surface.


Why trust Harbour IT

  • Dedicated inhouse Governance and Compliance team
  • Secure managed services and managed security services
  • 15+ years of experience in Cloud
  • 30+ existing financial sector clients
  • Backed by Canon Business Services
  • High performance cloud to match your business needs
  • 20+ years of experience supporting enterprise IT
  • Holistic IT strategies with vendor choice
  • Compliant platforms

FINANCIAL SERVICES SOLUTIONS

Unlock IT solutions to drive compliance, governance and security

Harbour IT
enquiries@harbourit.com.au
Level 10, 401 Docklands Drive
Melbourne, Victoria, 3008 Australia
1300 785 926
Information Technology (IT), Cloud Computing, Managed IT Services, IT Infrastructure Solutions, Disaster Recovery, Professional IT Services, IT Security, Cloud Computing Security, IT Help Desk, IT Service Support Desk, Communications, Procurement, Systems Integration, Managed Print Services