Financial Services Firm Conquers Compliance with Spirion-First Approach

The Mission: Rapid data protection for compliance leveraging existing DLP investments

Rapidly growing credit union Patelco serves more than 325,000 members nationwide as a federally insured, not‑for‑profit financial institution. With more than $6 billion in assets, Patelco is in the top 1% of U.S. credit unions.

For Patelco to meet the Payment Card Industry’s stringent new compliance requirements by a tight deadline, accurate data discovery and persistent classification was non-negotiable. So, a rapid and successful Spirion data discovery, classification and protection step was critical.

This step allowed Patelco to inventory and classify its full slate of data, know where all of its data lived, and put procedures in place to better govern, reduce risks, and meet compliance standards. It also enabled Patelco to simultaneously leverage Intel Security’s EPO endpoint technology for corporate policy enforcement.

Lean discovery across network and cloud

During the DLP integration, the Patelco team performed an audit across 350 terabytes of data on 180 servers and 1,700 endpoints. Next, Brent reviewed the findings with every department. Then he reviewed the discovery process and company policies, and began strengthening remediation processes and procedures. During the process, Spirion allowed Patelco to locate all of its sensitive data with a high degree of accuracy.

Preparing for a world with stricter regulations

Preparing for the PCI’s stricter regulations is just one of many compliance hurdles Patelco must conquer. Other critical compliance regulations for financial services firms are the Federal Financial Institutions Examination Council (FFIC) and the National Credit Union Association (NCUA). Like many regulatory bodies today, they are issuing increasingly demanding mandates for compliance and penalties for non‑compliance.

Further, once the rapidly growing financial services organization hits the $10 billion mark, it will be subjected to even more stringent and punitive compliance regulations imposed by other agencies. One of these is the Consumer Financial Protection Bureau (CFPB), which is free to impose severe restrictions on member credit unions at its discretion.

Requirements are going to be “extremely intense and we’re preparing now,” said Brent. For his team, this means building on top of their current data discovery and data classification capabilities.

Staying in command and control of data

Brent is confident the organization will be successful in meeting all data compliance regulations. “Spirion’s accurate discovery and data classification capabilities have helped us better assess the organization’s data environment,” so the company can prepare for complete compliance.

The executive team and board are easily kept in the loop, said Brent. Spirion provides “the necessary data to update our CEO and CIO with more detailed metrics, process review findings, compliance updates, and organizational status updates.” He also shares insight with the Board of Directors in a quarterly report.

Looking ahead to new compliance challenges, Brent and his team are putting systems and processes in place to meet the impending requirements, making Spirion’s role all the more important in the future of the financial services firm.