ISO/IEC 27562 — Information technology — Security techniques — Privacy guidelines for fintech services [Draft]
According to the proposed 1st working draft:
Fintech refers to the use of computer technology across all aspects of the financial services sector, including banking, payment systems, and insurance.
This new wave of innovation represents the next phase of financial services. Digital financial services are undergoing a breakthrough as strong authentication technologies, developing decentralized technologies like blockchain, and analytics for fraud detection and anti-money laundering compliance are changing the industry. As a priority, privacy must be ensured, so that fintech services and applications are trusted and trusted as well as financial infrastructure and customers are protected.
As part of Customer due diligence (KYC), AML (anti-money laundering) rules require the collection, processing, and use of personal data. To detect fraud, organizations monitor transactions, look at behavioural patterns, share data internally (within a group), share data externally (with regulators and other institutions), share data when it comes to outsourced arrangements, and process data across borders (especially for international payments). The consumer wants control over what information can be accessed.
As a starting point, this document should apply the privacy principles described in ISO/IEC 29100:2011. As part of the privacy guidelines, the existing work on privacy frameworks (such as the NIST privacy framework: an enterprise risk management software program) will be used as well as privacy impact assessment in ISO/IEC 29134:2017.
There will be an assessment of all relevant privacy risks associated with fintech services. The framework also takes into account regulatory requirements, such as those concerning anti-money laundering.
The scope of the standard
Aspects of IT privacy for financial services.
To be determined.
There was a proposal for a New Work Item in 2020, which was approved in January 2021.
An initial working draft of the plan has been proposed.
To be determined.