Today, Laika, along with a consortium of financial technology and security compliance companies, announced the Open Finance Data Security Standard (OFDSS). This proposed framework of requirements addresses common security risks encountered by growing financial technology companies handling sensitive information.
With the proliferation of innovative and emerging financial technologies, new risks have emerged that need to be managed in a different way than they have historically been. Any company in financial services needs to proactively secure consumer information, which is imperative to the financial ecosystem as a whole.
The founding supporters of OFDSS include the financial technology companies Flinks, MX, Plaid, and Truework, and the security compliance companies Laika, Secureframe, Vanta, and Drata.
Raising the bar for emerging companies' infosec
The availability of cloud infrastructure and the ease of adoption have spurred an unprecedented level of innovation. Businesses have the ability to focus on core strengths and customer problems without the hard work of building and operating IT.
With these lower barriers to entry and the support of companies like Laika that offer security and compliance services, there has been a dramatic increase in innovation in financial services and in the availability of financial products and services.
However, existing data security standards were not designed specifically for modern, cloud-native delivery models or the resource constraints of early-stage companies.
OFDSS fills the gaps and fosters innovation
OFDSS addresses this gap to create strong, auditable data security guidelines. The standard will maintain alignment with common and relevant criteria found in other security frameworks, like SSAE18 TSC for Security and NIST CSF, while providing clear requirements optimized for cloud-native, technology-focused startups and growth-stage companies.
The financial services landscape has evolved dramatically over the last several years due to the rise of fintech and digitization of the banking system. Simultaneously, the increase in data breaches resulted in a proliferation of new, discordant regulations from various agencies.
This industry-driven standardization initiative is critical for the financial sector to put robust security practices in place effectively and efficiently. OFDSS will help raise the bar for data security in the fintech ecosystem at a time when the pace of innovation is accelerating.
It provides a strong framework that helps fintech improve security while enabling innovation, gives banks reassurance about the companies connecting to their APIs, and, most importantly, helps protect consumers.
What does OFDSS cover?
The OFDSS is designed to be a living document that will evolve over time to meet the needs of the industry, incorporate new technology, and mitigate emerging risks.
- Establishes 63 individual security requirements across 12 control domains.
- Addresses common data security risks encountered by early-stage digital finance companies.
- Prescribes implementation guidelines to contextualize the requirements, along with high-level audit steps for ensuring compliance.
The requirements are not intended to exhaustively address all data security risks. However, the requirements address common security risks encountered by emerging financial technology companies when processing or storing sensitive information.
Companies with mature and audited information security programs likely already meet the requirements captured in this standard. Businesses subject to OFDSS can reach out to the Laika team for help evaluating existing security postures, building new practices, and addressing challenges, and for audit services.
Seeking industry participation and feedback
OFDSS is an industry initiative, and the consortium is seeking additional industry feedback and participation, with plans to begin implementing the standard in the second half of 2022. To learn more and potentially get involved, please visit OFDSS.org.