Financial institutions are constantly balancing increasingly competitive business drivers with the complex requirements of compliance as well as overall IT security. Now, with sweeping new regulations including the Dodd-Frank Wall Street Reform Act, measures to protect data privacy, safeguards against data breach and efficiency of processes that govern regulatory compliance activities will need to deliver to higher and more rigorous standards. Proofpoint Enterprise Protection, Privacy, and Archive provide financial institutions with a comprehensive compliance and security solution to address these ever evolving challenges.
Proofpoint Enterprise Privacy helps financial institutions comply with federal compliance acts such as Gramm Leach Bliley as well as industry regulations such as PCI DSS by identifying emails containing nonpublic personal information (NPI) or primary account numbers (PANs) and blocking or encrypting the messages before they leave the organization.
Proofpoint Enterprise Archive makes it easy to meet even the most stringent regulatory compliance demands by archiving email messages according to SEC-compliant policies. Supervisory review capabilities ensure that broker-dealer communications are monitored and managed to assist in meeting requirements of FINRA Rules 8210 and 11-39, SEC Rule 17a-4, and NASD Rule 3010.
With modern day low-volume phishing attacks targeted at corporate email data, rather simply end user credentials, financial institutions must ensure that their email security solutions are protecting them against these latest threats. Proofpoint Enterprise Protection provides the industry’s best email threat protection against modern-day, malicious threats, with a combination of accurate threat detection, granular management based on the threat classification, and tools for response should the need arise to react to a direct attack.
- GLB Act compliance: With Proofpoint Enterprise Privacy, ensure that your email systems comply with the Gramm-Leach-Bliley Act requirements under the Financial Privacy Rule. Emails containing nonpublic personal information (NPI) are automatically blocked or secured with Proofpoint Encryption.
- Email Encryption: Proofpoint Encryption provides easy-to-use email encryption, backed by a strong policy engine that ensures all sensitive content is protected before it leaves the organization. All encrypted email messages are branded to your organizations compliance requirements. Recipients of Proofpoint encrypted emails follow extremely simple steps to authenticate and access their email messages. No pre-registration or exchange of encryption keys is required to use Proofpoint Encryption; ad-hoc email encryption is fully supported.
- Smart Identifiers: Proofpoint's Smart Identifier technology dramatically reduces the number of false positives. Depending on the specific Smart Identifier, a variety of checks are performed, increasing the accuracy of the detection. For example, the Smart Identifier for credit card numbers performs the Lunh Algorithm check, which validates the checksum. This prevents any random 16-digit number from being flagged as credit card number. Custom Smart Identifiers can easily be added as well, such as a Smart Identifier to detect medical record numbers. ABA Routing Numbers and Social Security Number Smart Identifiers are pre-built into the Proofpoint Enterprise Privacy solution.
- Accurate Detection of NPI: Accurate identification of NPI is completed by utilizing a combination of Smart Identifiers along with the proximity matching. For example, the Smart Identifier for a Social Security Number is validated against the Social Security Administrations Issuance Table (valid for all SSN's issued prior to June 1, 2011), but also checks for an indicator in close proximity to the identified number, such as "SSN:", "SS#", etc., significantly increasing the confidence level of the detection.
- Flexible Policy Management: Granular policies can be set, allowing specific sets of users to send and receive NPI via secure email encryption with Proofpoint Encryption, yet prevent other groups from sending NPI altogether.
- Compliance Dashboard: Compliance officers have a dashboard view of their organization. Compliance incidents that require review are highlighted, with one-click drill-down access to each specific incident that may require intervention or remediation. Compliance reports summarize the number of encrypted messages that have been sent and the type of content that triggered the encryption (Credit Card Number, NPI, trade confirmations, etc.)
- Workflow: Detailed workflow is available to provide detailed tracking against each compliance incident. Compliance reviews can release email messages by encrypting the messages, or leave messages blocked within the quarantine. Severe violations can be escalated for further review. Status of each incident in review is then logged.
- Flexible Remediation: The vast majority of compliance issues come from inadvertent data loss. Proofpoint Smart Send is a feature that allows administrators to selectively allow sender-based remediation. For example, a wealth manager may attach a spreadsheet containing information on multiple clients. Smart Send can temporarily stop this email message, send a notification back to the sender alerting them of the content within the message, but then also provide direct remediation options within the notification email: the ability to block that message permanently, the ability to release that message, or to encrypt that message before sending. Smart Send can be enabled for the entire organization or for specific groups.
- Best-in-class Threat Protection: Financial information has long been a target of hackers. With phishing attacks on the rise, focused not on just end user account credentials, but increasingly on leveraging phishing emails as an entry vector to steal sensitive information from enterprise organizations, having a best-in-class email threat protection system is critical when addressing any data protection strategies. Proofpoint Enterprise Protection provides the best email threat protection available against these external malicious threats today.
- Full support for cloud-based email systems (e.g., MS Office 365): Proofpoint Enterprise Privacy is available as a cloud-based email solution and provides all the same rich functionality available as an on-premise solution. This also seamlessly integrates to any cloud-based email solution, such as Microsoft’s Office 365, ensuring regulatory email compliance while leveraging the cost benefits of the cloud.
- Robust Supervisory Review for SEC/FINRA Compliance: SEC/FINRA regulated firms leverage the power of Proofpoint Enterprise Archive's robust supervision review features, significantly improving the efficiency of the compliance audit process. This enables greater productivity of SEC compliance staff and improves effectiveness in identifying and routing potential SEC policy violations that require further review or escalation. » Learn more about FINRA requirements.
- Fully SEC Compliant Storage: Proofpoint Enterprise Archive provides a secure, tamper-proof SEC email compliance storage infrastructure comprised of geographically distributed data centers, which ensures that information is available in the event of service disruption to either location. Proofpoint Enterprise Archive meets all conditions set forth in SEC Rule 17a-4 paragraph f (2) (ii).
- Industry-leading Security and Privacy: Proofpoint protects security and privacy via its patented DoubleBlind Key Architecture™ that protects data both in transit and at rest. Privacy of customer data is ensured by maintaining a separation of encrypted data from the encryption keys, ensuring that only the customer has the ability to read data stored in the Proofpoint network.
- Flexible Policy Management: Proofpoint Enterprise Archive enables the creation and enforcement of robust email message retention policies, with the flexibility to easily adjust those policies as regulatory, legal, or internal records requirements evolve.
- Fast Search for Compliance Team: With a distributed search architecture and grid-storage infrastructure, Proofpoint email archiving solution provides a search performance guarantee that 90% of all searches are returned in 20 seconds or less - regardless of how large the archive grows or how often searches are required. Through a web-based user interface, compliance staff can easily meet even the most stringent compliance audit requirements.
- Single Pane of Glass Archiving: Proofpoint Enterprise Archive supports the archival of email, Bloomberg, IM, and social media communications. Proofpoint also provides integration with IM logging systems and social media monitoring tools to enable a single, unified interface for search, supervision, and discovery.
» Learn more about the Dodd-Frank Wall Street Reform Act.
- Secure Business-to-Business Communications: Provide secure communications when your organization is conducting business with other financial institutions.
- Client Communications: As financial institutions communicate to their clients, email encryption allows sensitive account information to be included in a secure manner.
- Broker-Dealer Supervisory Review: Allows FISMA regulated organizations to implement a systematic and flexible supervision process for selecting and reviewing broker communications. Proofpoint enables greater productivity of compliance staff and improving effectiveness in identifying and routing potential policy violations that require further review or escalation.
- Compliance and Legal Team Self-Service: Provides sustainably fast and reliable access to archived messages for improved response to regulatory inquiries and legal discovery.
15% of the Fortune 1000 Financial Services
- Detection Accuracy of NPI: No other solution on the market today provides the accurate detection of NPI like Proofpoint. This ensures that all NPI is encrypted, but just importantly, does not flag information that does not require encryption to be encrypted.
- Compliant Supervisory Functions: Many organizations are struggling with first generation tools utilized for supervisory review, whose performance has deteriorated as those systems have aged and who lack the flexibility to address today's regulatory requirements. Proofpoint Enterprise Archive provides next-generation architecture to enable fast, secure access to information, and greater efficiency in managing review processes.
- Easy to Use, Fully Integrated Encryption: We offer an easy-to-use, policy-based encryption solution that accurately identifies messages for encryption ensures your organization is maintaining compliance to financials regulations.
- Mobile Support for Broad Range of Devices: Proofpoint solutions are fully optimized for mobile device usage, from both the sender and recipient perspectives. With the best mobile experience available from any solution today, this is critical as we see a growth in the variety of mobile devices in the enterprise environment.