Connect with us
Finance Digest is a leading online platform for finance and business news, providing insights on banking, finance, technology, investing,trading, insurance, fintech, and more. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.
FINANCE

Identity security in the era of SOX

Published On :

By Steve Bradford, Senior Vice President, EMEA, SailPoint 

The Sarbanes-Oxley Act (SOX) is a federal law that mandates practices in auditing and financial regulations for public companies. Its original intent being to restore trust in a corporate and financial system that had been rocked by major accounting scandals such as Enron, WorldCon and Tyco. Legislators believed if there was no trust in the major corporate institutions of America, then the whole fabric of capitalism could be brought into question.

Initially only applying to American companies, every major institution that dealt with America had to comply with SOX. It was a huge a success with the number of financial scandals emanating from the US dropping dramatically since compliance. But can The UK follow suit?

Preparing for “SOX UK”

The UK has had its own high profile business collapses – notably BHS and Carillion. So, the government has launched a consultation programme that mimics the US SOX rules. The consultation on reforms aims to ‘restore trust in audit and corporate governance’ and applies to auditors, companies, directors, audit committees, investors, other stakeholders, and the regulator.

A focus is on companies with a significant public interest, otherwise known as Public Interest Entities (PIEs). These include financial institutions, banks, insurance companies, underwriters, and alike – many of which are already familiar with a high degree of financial scrutiny. A noteworthy difference is the stated preference to expand the UK SOX controls beyond public interest companies, which could include large companies in retail, manufacturing, logistics and automotive.

UK SOX may seem like a massive undertaking if unfamiliar, but with the right technologies in place manual tasks can become automated, reducing time which can be then redirected to greater priorities or risks, and everyday operations will be guided by a strong set of well-defined controls.

A growing threat 

The Sarbanes-Oxley Compliance 9-Step checklist provides a series of recommendations to protect the validity of all reported information and help businesses to ensure they are following the rules. This includes the need to establish controls to prevent data tampering, track data access, test the effectiveness of safeguards and detect security breaches – any of which need to be reported to SOX auditors on time.

As both physical and digital information are affected, accurate management is an integral part of compliance. Remote working, blockchain integration, and the emergence of cloud-based banking (Banking as a Service) have led to growing cyber threats, privacy concerns and compliance requirements through the complexities of connectivity.  For example,  multiple devices now connect to networks from different locations, accessing the vast amount of information in the cloud. There is now critical need to close security gaps outside the perimeter.

Some of the greatest threats lie within an organisation – either human error or more likely, the rise in risk facing the access today’s workforce has to technology. Complex corporate structures and departmental silos hinder management’s visibility into workforce roles, responsibilities, and data access. Traditional reliance on spreadsheets and manual processes for tracking data access and user identities leads to inaccuracies and inconsistencies.

Apart from being an auditing and reporting nightmare, the situation creates system gaps that are ripe for exploitation by threat actors.

Maintaining security through identity 

To meet security and compliance regulations, companies and organisations must act smarter in how they protect their “perimeter”, which is centred on its people – the new threat vector of choice. Companies must prepare to automate business processes and embrace new security practices that fully protect the workforce and the tools they need to  do their job.

Staying in compliance with regulation is important for the safety of the company, but it is crucial that the right safety measures are in place. Identity access management can reduce the risk of insider threat, data breaches and human error for financial reporting – enabling automated logging and report generation for companies to make smart decisions whilst uncovering and remediating hidden or unknown issues that pose inherent risk.

The countdown to SOX 

One commodity companies don’t have is an abundance of time. With less than 18 months to go until the SOX recommendations deadline, any form of automated access system is an essential first step in ensuring companies are prepared. Starting early is critical – given an implementation programme can take 18-24 months for a company that is used to stringent financial regulations. It’s time to get identity and access compliance right – automation can save a significant amount of effort and money, whilst improving the accuracy of identity management processes.

As seen in the US, UK companies not used to financial compliance procedures will have to catch up or ask for help – learning from the financial sector – and scale up their auditing and control to comply with more stringent regulations. The rules are there to help provide the security that regulators need for a secure commercial environment. Now is the time to act in order to reduce the risk.

Continue Reading

Why pay for news and opinions when you can get them for free?

       Subscribe for free now!


By submitting this form, you are consenting to receive marketing emails from: . You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Posts