Intelligent Fin.tech Issue 33 | Page 18

GAUGING THE MARKET

Many organisations still rely heavily on manual processes to get all of this done. But as regulations grow more complex and the surface that requirements cover grows wider, manual compliance has become extremely complex and costly.
Automating these processes and building a continuous compliance cycle can dramatically change how compliance is handled within FinTech organisations, saving resources so that time, money and tech teams’ skills can instead go towards achieving business objectives.
Manual compliance: A broken process
What do compliance processes look like in many financial organisations today?
Let’s use the PCI DSS standard as an example, although the same is true of most audit-driven regulatory frameworks that require organisations to pass regular audits.
A typical approach to passing a PCI DSS audit is to issue ad-hoc remote commands to gather information, to compose verification scripts that are run by hand, or to verify several system settings manually together with the auditors, using approaches such as screenshots.
While this approach can work, it is fundamentally unsustainable: it requires custom work and is specific to the context of a PCI DSS audit, so it cannot be reused in other parts of business-critical workflows, such as checking compliance in pre-production environments.
Five building blocks for continuous compliance
Adopting a continuous compliance approach allows organisations to quickly answer audit questions at any time, not just quarterly or yearly. The idea is to enter an audit cycle knowing the organisation’s exact compliance posture, rather than being surprised by auditors who find weak points in the company’s environment.
There are solutions available on the market today that enable exactly that. But before investing, FinTech organisations need to make sure that the following five key steps will be met, i.e. that the compliance cycle solution will allow them to:
1. Acquire – access trusted content aligned with industry benchmarks for audit and remediation. This ensures that remediation actions directly correspond to audit findings.
2. Define – define compliance baselines and tailor them to the organisation’s unique needs. For example, flexible waiver capabilities allow teams to enable or disable individual controls, reducing false positives and misconfigurations.
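To make the "Define" step concrete, here is an added example of a minimal baseline evaluator with time-limited waivers. It is not code from the article or from any compliance product the article alludes to; the control IDs, the sample host configuration and the waiver are all constructed for illustration and are not PCI DSS requirement numbers. The point it shows is that a baseline expressed as code can be re-evaluated on demand (pre-production, nightly, or when an auditor asks), that a waiver disables a control only while it is documented and unexpired, and that missing evidence fails closed rather than silently passing.

```python
from dataclasses import dataclass
from datetime import date
from typing import Callable, Dict, List

# Constructed sample host configuration (hypothetical, not from the article).
# In a real deployment this evidence would be gathered by an agent or collector.
SAMPLE_CONFIG: Dict[str, object] = {
    "tls_min_version": "1.2",
    "password_min_length": 7,
    "default_accounts_removed": True,
    "log_retention_days": 365,
    "antimalware_enabled": False,
}


@dataclass(frozen=True)
class Control:
    """One technical control in the baseline. IDs below are hypothetical."""
    id: str
    description: str
    check: Callable[[Dict[str, object]], bool]


@dataclass(frozen=True)
class Waiver:
    """A documented, time-limited exception that disables one control."""
    control_id: str
    reason: str
    expires: str  # ISO date, e.g. "2030-01-01"


@dataclass(frozen=True)
class Finding:
    control_id: str
    status: str  # "pass", "fail" or "waived"
    note: str = ""


def _tls_version_ok(cfg: Dict[str, object]) -> bool:
    major, minor = (int(p) for p in str(cfg["tls_min_version"]).split("."))
    return (major, minor) >= (1, 2)


# A small baseline. The wording loosely mirrors common hardening themes but the
# identifiers and thresholds are constructed for this example.
BASELINE: List[Control] = [
    Control("CRYPTO-01", "TLS 1.2 or newer for all connections", _tls_version_ok),
    Control("AUTH-01", "Passwords at least 12 characters",
            lambda c: int(c["password_min_length"]) >= 12),
    Control("ACCT-01", "Vendor default accounts removed",
            lambda c: bool(c["default_accounts_removed"])),
    Control("LOG-01", "Audit logs retained at least one year",
            lambda c: int(c["log_retention_days"]) >= 365),
    Control("MALW-01", "Anti-malware enabled",
            lambda c: bool(c["antimalware_enabled"])),
]

# Constructed waiver: the control is switched off only until the expiry date.
EXAMPLE_WAIVERS: List[Waiver] = [
    Waiver("MALW-01",
           "appliance image has no supported anti-malware agent; "
           "compensating network controls documented",
           "2030-01-01"),
]


def evaluate(baseline: List[Control], config: Dict[str, object],
             waivers: List[Waiver], today: str) -> List[Finding]:
    """Run every control against the evidence, honouring unexpired waivers."""
    today_d = date.fromisoformat(today)
    active = {w.control_id: w for w in waivers
              if date.fromisoformat(w.expires) >= today_d}
    findings: List[Finding] = []
    for control in baseline:
        if control.id in active:
            w = active[control.id]
            findings.append(Finding(control.id, "waived",
                                    f"{w.reason} (until {w.expires})"))
            continue
        try:
            ok = control.check(config)
        except (KeyError, ValueError, TypeError) as exc:
            # Missing or malformed evidence is a failure, never a silent pass.
            findings.append(Finding(control.id, "fail", f"evidence error: {exc!r}"))
            continue
        findings.append(Finding(control.id, "pass" if ok else "fail",
                                control.description))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Counts per status: the posture figure an auditor would ask for."""
    counts = {"pass": 0, "fail": 0, "waived": 0}
    for f in findings:
        counts[f.status] += 1
    return counts


def failing_controls(findings: List[Finding]) -> List[str]:
    return [f.control_id for f in findings if f.status == "fail"]


if __name__ == "__main__":
    for f in evaluate(BASELINE, SAMPLE_CONFIG, EXAMPLE_WAIVERS, "2026-01-01"):
        print(f"{f.control_id:10} {f.status:7} {f.note}")
    print(summarize(evaluate(BASELINE, SAMPLE_CONFIG, EXAMPLE_WAIVERS, "2026-01-01")))
```

Re-running `evaluate` with a later date shows the waiver lapsing: once it expires, MALW-01 is checked again and fails until the exception is renewed or the control is remediated, which is the behaviour that keeps waivers from becoming permanent blind spots.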
www.intelligentfin.tech