info@winheller.com+49 (0)69 76 75 77 80Mon. - Fri. from 8am to 8pm, Sat. from 8am to 5pm

Protection Against Cyberattacks for German Banks and FinTechs

Digital attacks against banks and financial services providers pose major challenges not only on that sector but also on the legislator and the financial supervisory authorities. In 2017, nearly 10 billion cyberattacks occurred worldwide. Apart from spam and phishing, the main threats to digital security included targeted hacking attacks. A company’s own employees often turn out to be the main security risk.

Requirements of the GDPR have to be fulfilled

Banks also have to define the processing of their customers’ personal data in compliance with the requirements of the General Data Protection Regulation. This includes both data privacy compliance and data processing security. Infringements of these rules may be punishable by fines of up to 20 million euros or 4% of the global annual turnover. In case of a privacy breach, the data subjects may also demand compensation of non-material damage.

The well-established minimum requirements for risk management (MaRisk) have recently been supplemented by the supervisory requirements for IT in financial institutions (BAIT). The background of these new requirements is that banks and financial services providers are increasingly outsourcing processes that do not form part of their core business. BAIT are intended to make the expectations and supervisory practice transparent and to outline possible risks.

Avoid security gaps in critical infrastructures

The Act on the Federal Office for Information Security (BSI Act) also addresses the issue of IT security. According to the act, operators of critical infrastructure have to take appropriate organizational and technical precautions to avoid disruptions of the availability, integrity, authenticity, and confidentiality of their information technology systems, components or processes. Operators of critical infrastructures include companies of the energy, finance and insurance, nutrition, water, health, transportation and traffic as well as information technology and telecommunications sectors.

However, technical measures will not be sufficient. Organizational and legal measures also need to be taken. Banks and other companies should conduct complete screenings of their business procedures to check them for security gaps.

Protection of banks, financial services providers, and FinTechs

Together with our technical partners, we will be able to arm your company against cyberattacks. We can shape your outsourcing contracts and privacy provisions in compliance with the current regulations.

Continue reading:
Identify Weaknesses in Data Protection and Profit from Synergy Effects
Banking Regulations in Germany (BaFin) and the EU

Sebastian Förste

Sebastian Förste

Sebastian Förste advises credit institutions and financial services providers on regulatory issues and represents them in dealings with the Federal Financial Supervisory Authority (BaFin) and the German Central Bank (Bundesbank). In addition, he provides advisory services on the laws relating to cryptographic currencies, like Bitcoin, Ethereum and Ripple, and Initial Coin Offerings/Token Sales.

>> show profile

Leave a Comment

Your email address will not be published. Required fields are marked *

WINHELLER Blog via Newsletter

Subscribe to our free newsletter and receive regular updates on German business law by e-mail. (Mandatory fields are marked with *)

German Business Law News (4 times a year)
I would like to subscribe to the selected newsletter and for that purpose give my consent to WINHELLER to process my above mentioned data. I have read the "Information for Data Processing in the Newsletter Subscription". I understand that I can revoke my consent at any time with effect for the future by clicking the unsubscribe button within the newsletter. *