Report by StrongDM

The State of Compliance in Financial Institutions Report

24 findings. Published Jul 8, 2025
Key Findings

35.2% of financial organizations plan to invest in real-time audit log solutions.

Financial, Compliance, Investment, Tools

8.5% of teams at financial organizations still rely mostly on manual efforts for compliance reporting.

Financial, Compliance, Compliance reporting

2.1% of teams at financial organizations have no visibility into how long it takes to revoke access to high-risk systems requiring elevated privileges after an employee exits or changes roles.

Financial, Compliance, PAM

46.3% of teams at financial organizations have partially automated compliance reporting.

Financial, Compliance, Compliance reporting

Apart from the GDPR and ISO 27001/27002, other regulations mentioned as challenging by financial organizations include SOX (10.9%), GLBA (8.4%), and NYDFS (7.4%).

Financial, Compliance, SOX, GLBA, NYDFS

17.7% of teams at financial organizations report spending 25+ hours monthly on gathering data for audits and access reviews.

Financial, Compliance, Audit

25.1% of financial organizations plan to invest in compliance automation platforms.

Financial, Compliance, Investment, Tools

Managing third-party access (35%), tracking least privilege enforcement (24.2%), and producing audit logs (23.1%) remain the biggest pain points for financial organizations.

Financial, Compliance

33.9% of teams at financial organizations use role-based access with limited audit trails for access to high-risk systems requiring elevated privileges.

Financial, Compliance, PAM

8.9% of financial organizations are investing in identity lifecycle management.

Financial, Compliance, Investment, Tools

0.3% of financial organizations surveyed admitted to having failed an audit in the past year.

Financial, Compliance, Audit

35.3% of teams at financial organizations automate access to high-risk systems requiring elevated privileges with real-time logging.

Financial, Compliance, PAM

30.7% of teams at financial organizations still rely on manual approval for access to high-risk systems requiring elevated privileges.

Financial, Compliance, PAM

45.2% of teams at financial organizations have extensively automated compliance reporting.

Financial, Compliance, Compliance reporting

ISO 27001/27002 is the second most challenging regulation, cited by 18.2% of financial organizations.

Financial, Compliance, ISO 27001, ISO 27002

Only 4.8% of teams at financial organizations spend fewer than five hours on gathering data for audits and access reviews.

Financial, Compliance, Audit

7.0% of financial organizations are investing in third-party risk monitoring.

Financial, Compliance, Investment, Tools

23.8% of financial organizations plan to invest in automated access controls.

Financial, Compliance, Investment, Tools

GDPR is the most difficult regulation to manage, cited by 19.4% of surveyed financial organizations.

Financial, Compliance, GDPR

88.4% of financial organizations surveyed are "very confident" in passing a surprise compliance audit.

Financial, Compliance, Audit

Only 0.2% of financial organizations surveyed reported lacking confidence in passing a surprise compliance audit.

Financial, Compliance, Audit

49.3% of teams at financial organizations spend 10–25 hours monthly preparing audit data.

Financial, Compliance, Audit

52% of teams at financial organizations manage 10–20 high-risk systems requiring elevated privileges.

Financial, Compliance, PAM

31% of teams at financial organizations revoke access to high-risk systems requiring elevated privileges in hours, while 38% do it instantly.

Financial, Compliance, PAM