Updates for financial biometric operations announced in U.S. and Bangladesh

Financial regulators in the United States and in South Asia this week committed to greater protection for the biometric identifiers of banking customers.

In the United States, the Federal Trade Commission published updates for the 18-year-old so-called Safeguards Rule, which created standards for physically and technically securing consumer data.

According to Bloomberg Law, the updated standards were spurred by rising numbers of breaches.

The change (which passed 3-2), appears to be an attempt sharpen accountability and transparency when it comes to consumer data, including biometric identifiers.

Relevant financial institutions regulated by the FTC now must appoint a single person to manage information security programs, and present periodic reports to directors or at least a senior officer charged with maintaining information security, according to Bloomberg Law.

Those companies also have to explain information-sharing practices, a sore point for privacy advocates concerned that biometrics are being treated in a cavalier way.

The FTC responded to comments on the multi-factor authentication (MFA) requirement seeking clarification on the acceptance of an SMS-based possession factor, clarifying that it is neither recommended nor forbidden.

The article quotes commissioners who dissented from the move saying, in part, that the new standards give “senior management” more work to do when there is no overwhelming evidence that breaches are attributable to bosses.

The commission has continued to rein in biometric privacy abuses. It said in May it plans to report on machine-vision vendor Paravision‘s compliance with conditions of its settlement of a biometric data privacy allegation.

Meanwhile, Bangladesh’s Financial Intelligence Unit said it will cooperate with the U.S.-based International Finance Corp. to update conventional Know Your Customer (KYC) authentication infrastructure to digital operations.

KYC requirements are a major driver of biometrics adoption in the financial services industry.

The intelligence unit has already run a reportedly successful, small test involving 1,500 accounts, using biometric systems, according to reporting by The Business Standard. The Bangladesh Financial Intelligence Unit is a crime-fighting government agency.

International Finance, a World Bank Group member, sells business-development and -finance services in under-developed economies. The company had previously announced that it would like to on-board 30 million unbanked adult Bangladeshis by 2030.

Digitizing the now-manual process of authenticating people — primarily by requiring people without bank accounts to travel to distant bank offices — is expected to speed economic development by encouraging wealth-building and entrepreneurialism.

Final regulations for electronic KYC projects and operations in Bangladesh are expected by December 2024.

Article Topics

authentication  |  Bangladesh  |  banking  |  biometrics  |  data protection  |  digital identity  |  financial services  |  FTC  |  KYC  |  onboarding  |  privacy  |  United States