Secure File Transfer Between Financial Institutions

Some privacy laws single out a specific industry; in the US, one example is the Gramm Leach Billey (GLB) act. Intended to enhance competition in the financial services industry, GLB includes a provision requiring consumer privacy protection. The Federal Reserve System, national banks, and savings associations are not the only organizations impacted; mortgage companies and insurance underwriters are also included. Under GLB, financial institutions must establish appropriate security and confidentiality measures for customer records - specifically, preventing unauthorized disclosure of non-public personal information. GLB compliance starts with policy definition; SFTP is one tool available for implementing those policies.

Figure 5: Securing Files Shared Between Financial Institutions

For example, SFTP can provide strong authentication and role-based access to private data involved in mortgage approval when several companies are involved. As shown in Figure 5, an underwriting bank uses SFTP to pull loan applications from a mortgage broker's database, obtain history from a credit bureau, and verify account balances. In this example, SFTP ensures the integrity and confidentiality of non-public personal information in transit between cooperating financial institutions. Server event logs provide an audit trail, identifying who accessed what and when. Of course, SFTP must be combined with additional enterprise security measures, protecting data stored at each financial institution.