Microsoft Embraces Audits to Help Financial Services Organizations Demonstrate Regulatory Compliance

This post has been republished via RSS; it originally appeared at: Financial Services Blog articles.

Look around: the rate of digital transformation is accelerating. New devices and even new ways of working are materializing everywhere, and the financial services industry is no exception. Financial services organizations are reinventing their business to incorporate the new digital transformation mindset and to use it to their competitive advantage. Digital intelligence can be used to push everything – market trends, account services, customer experience, risk analysis, proposal management, employee engagement and productivity – further and faster. There are many rules and regulations corralling the financial sector from capital adequacy (Basel IV) to bank secrecy (Gramm-Leach-Bliley Act) to Anti-Money Laundering regulations globally to data retention (SEC 17a-4) and data privacy (GDPR). Conversely, there are regulations such as PSD2 and new cloud computing guidelines that create opportunities to innovate. Financial services institutions must digitally transform themselves while also proving compliance with a widening sea of regulations.

 

The Microsoft cloud is positioned to help financial services organizations navigate these waters. Microsoft offers a comprehensive set of compliance capabilities and has invested heavily to support the auditing and regulatory reporting capabilities required by financial services organizations. Our auditing solutions can provide financial services organizations with insights on monitoring how information is used within their organization, how to investigate information security concerns, and how to document regulatory compliance with global, national, regional, industry-specific, and other requirements. Comprehensive audit coverage from Microsoft includes:

  • In-person audits: We support in-person audits as part of our cloud services contracts; several financial services organizations have exercised their right to audit and have been happy with the results. Audits of Azure, Office 365, and our datacenters have been conducted, and some audits have included regulators.
  • Group audits: Microsoft encourages group audits because of the many benefits they provide. A collection of financial services organizations joining together to conduct a group audit can perform a more complete audit than a single organization could by itself.
  • Self-service audits: We enable organizations to complete ongoing self-service risk assessments and audits, and to track their own regulatory compliance activities across a global range of standards and regulations using the Microsoft Trust Center, the Service Trust Portal, and the recently released Compliance Manager.
  • Real-time audits: Organizations can comprehensively monitor service operations, user activities, and the behavior of their applications, and implement policies to govern users, protect data, and comply with regulatory requirements.

A key point in our discussions with regulators has been the importance of transparency and the need to provide information that goes beyond third-party independent audit reports. This allows customers to fully understand how services are designed, managed, monitored, and tested so that customers can make informed decisions about using cloud services. Our investments in self-service auditing through mechanisms such as the Trust Center, the Service Trust Portal, and Compliance Manager are in direct response to that regulatory guidance.

 

Download this free infographic to learn how your financial service organization can gain audit capabilities to help you assess and prove regulatory compliance with the Microsoft cloud. Also check out this Compliance Manager demo and blog post to learn more about the self-service audit capabilities available for your organization.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.