Skip to content

Home

  • in zh
  • 3 min read

MongoDB Kafka 連接器

Apache Kafka 是一種開源的發布/訂閱消息系統。Kafka Connect,Apache Kafka的一個元件,面對將Apache Kafka與各種數據存儲連接的挑戰,包括 MongoDB。Kafka Connect 提供:

  • 傳輸數據到數據存儲的容錯運行時
  • Apache Kafka社區共享連接 Apache Kafka 到不同數據存儲解決方案的框架

在這篇文章中,我們將重點介紹如何將 MongoDB 作為數據湖。 MongoDB Kafka 接收連接器是從 Apache Kafka 讀取數據並將其寫入 MongoDB 的 Kafka Connect 連接器。官方的 MongoDB Kafka 連接器可以在這裏找到。

開始 Kafka 環境

這裡下載最新版的 Kafka。

curl https://dlcdn.apache.org/kafka/3.2.0/kafka_2.13-3.2.0.tgz -o kafka_2.13-3.2.0.tgz
tar -xzf kafka_2.13-3.2.0.tgz
cd kafka_2.13-3.2.0

按照正確的順序運行以下命令來開始所有的服務。首先開始 ZooKeeper 服務。

bin/zookeeper-server-start.sh config/zookeeper.properties

在另一個終端會話中,開始 Kafka 代理服務:

bin/kafka-server-start.sh config/server.properties

所有服務成功啟動後,您將會擁有一個運行中的 Kafka 基礎環境。

安裝插件

這裡下載 JAR 文件,並導航至 /libs 目錄。

curl -L https://search.maven.org/remotecontent?filepath=org/mongodb/kafka/mongo-kafka-connect/1.7.0/mongo-kafka-connect-1.7.0-all.jar -o plugin/mongo-kafka-connect-1.7.0-all.jar

編輯 config/connect-standalone.properties,並將 plugin.path 指向下載的 JAR 文件。

plugin.path=/home/ubuntu/kafka_2.13-3.2.0/libs/mongo-kafka-connect-1.7.0-all.jar

創建配置屬性

/config 文件夾中,創建一個名為 MongoSinkConnector.properties 的文件。

name=mongo-sink
topics=quickstart.sampleData
connector.class=com.mongodb.kafka.connect.MongoSinkConnector

消息類型

key.converter=org.apache.kafka.connect.json.JsonConverter
key.converter.schemas.enable=false
value.converter=org.apache.kafka.connect.json.JsonConverter
value.converter.schemas.enable=false

關於 MongoDB Sink 連接器的具體配置

connection.url=mongodb://localhost:27017
database=quickstart
collection=topicData
change.data.capture.handler=com.mongodb.kafka.connect.sink.cdc.mongodb.ChangeStreamHandler

/config 文件夾中,創建一個名為 MongoSourceConnector.properties 的文件。

name=mongo-source
connector.class=com.mongodb.kafka.connect.MongoSourceConnector

連接和源配置

connection.uri=mongodb://localhost:27017
database=quickstart
collection=sampleData

安裝 MongoDB

運行以下命令導入 MongoDB 的公開 GPG 鑰匙:

wget -qO - https://www.mongodb.org/static/pgp/server-5.0.asc | sudo apt-key add -

創建 MongoDB 源列表

echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-5.0.list

更新本地軟件包數據庫

sudo apt-get update

安裝 MongoDB 套件

sudo apt-get install -y mongodb-org

如果遇到任何與未滿足的依賴項相關的錯誤,使用以下命令修復它們:

echo "deb http://security.ubuntu.com/ubuntu impish-security main" | sudo tee /etc/apt/sources.list.d/impish-security.list
sudo apt-get update
sudo apt-get install libssl1.1

驗證 MongoDB 狀態

檢查 MongoDB 是否已成功啟動:

sudo systemctl status mongod

如果它是非活動的並需要重新啟動,運行:

sudo systemctl restart mongod

開始 Kafka Connect

要開始 Kafka Connect,執行以下命令:

bin/connect-standalone.sh config/connect-standalone.properties config/MongoSourceConnector.properties config/MongoSinkConnector.properties

將數據寫入 Topic

運行控制台生產者客戶端以將幾個事件寫入您的 Topic。您輸入的每行將導致一個單獨的事件被寫入 Topic。

$ bin/kafka-console-producer.sh --topic connect-test --bootstrap-server localhost:9092
This is my first event
This is my second event

通過您的連接器發送文件內容

要將文檔的內容通過您的連接器發送,插入一個文檔到您的源連接器從中讀取數據的 MongoDB 集合。使用以下 MongoDB shell 命令:

use quickstart
db.sampleData.insertOne({"hello":"world"})

插入文檔後,通過檢查 topicData 集合來驗證您的連接器是否已將變更處理。

db.topicData.find()

您應該會看到以下類似的輸出:

[
  {
    "_id": ObjectId(...),
    "hello": "world",
    "travel": "MongoDB Kafka Connector"
  }
]

參考

欲了解更多訊息,請參觀 MongoDB Kafka 連接器文檔

  • 3 min read

FinTech Security and Regulation Suggestions

I'd like to offer suggestions for how authorities should handle the application of Virtual Banking in Singapore's financial industry. Given the highly regulated nature of banking, the relationship between Virtual Banking innovation and regulation is often tense. There is a universal understanding that regulatory organizations are necessary to mitigate the risks and unanticipated consequences associated with new business models and financial products. My advice to regulators is to keep pace with the rapid changes in the fintech industry.

Virtual banks have posed new questions for the supervisory organizations that regulate how market players operate. This has led authorities to carefully assess the risks associated with emerging technologies in the financial services industry. While cloud technologies offer unprecedented potential, they also present new risks.

Four major motivations for regulation should be considered: uncertainty, resource conflict, disruption and unforeseen events, and public benefit. The adoption of cloud technologies will fundamentally change how the financial system operates, necessitating safeguards to prevent system collapse due to unforeseen events.

More specifically, precautions should be taken to protect virtual banking consumers from the drawbacks of a completely market-driven system. Monitoring within the fintech sector offers numerous benefits, but implementing effective regulation presents significant challenges.

Many market players may view regulation skeptically, believing it could hinder their prospects or operations. Therefore, implementing insightful regulation for the fintech industry won't be straightforward. Regulatory authorities could consider three approaches to fintech innovation:

  1. Rule-Based System: The regulatory authority sets strict rules and processes that market participants must adhere to.

  2. Principles-Based System: The regulatory body provides principles to guide market players, allowing them some freedom in achieving their regulatory responsibilities.

  3. Performance-Based System: The regulatory body sets specific benchmarks for market participants to meet or exceed.

These approaches could help Singapore's fintech industry flourish. Careful regulation cultivates an ideal environment for innovation, building trust and fostering the widespread acceptance of new consumer goods and services. The Monetary Authority of Singapore (MAS) aims to make Singapore an "experimental center" for fintech innovation, in line with its long-term goal to attract fintech innovators to the Asia-Pacific region.

In an ideal world, one wouldn't have to choose between innovation and regulation. Virtual banks can leverage innovative technologies to streamline regulatory compliance. The burgeoning regulatory technology (reg-tech) industry offers software solutions that help regulators perform their duties more efficiently.

With shifts in the regulatory landscape, both existing and future virtual banks need to prepare for changes in daily regulatory operations. Establishing an open, respectful working relationship between policymakers and stakeholders in the fintech field will be critical for the effective adoption of virtual banking.

In July 2016, the MAS amended its Guidelines on Outsourcing for Financial Institutions (FIs) to acknowledge that FIs could benefit from cloud services. These guidelines require FIs to conduct due diligence and employ robust governance and risk management processes when using cloud services.

Cloud security environments should be regularly reviewed, and services should comply with various industry certifications. For example, ISO 27001 outlines best practices for security management, while ISO 27017 and ISO 27018 provide cloud-specific security recommendations. Additionally, MTCS Level 3 and PCI DSS Level 1 offer further security standards specific to Singapore and payment card industries, respectively.

By combining governance-focused, audit-friendly features with certifications and audit standards, regulators can ensure a secure control environment for cloud providers.

The MAS Guidelines provide recommendations for risk management techniques, including due diligence and risk assessment for cloud services. Financial institutions are expected to follow these guidelines and report their compliance to MAS annually or upon request.

The MAS Technology Risk Management (TRM) Guidelines and the Association of Banks in Singapore (ABS) Cloud Computing Implementation Guide provide additional guidance on risk management, governance, and controls for cloud outsourcing.

In conclusion, each virtual bank's path to cloud adoption is unique. Virtual banks need to understand their current state, desired state, and the steps required to transition from one to the other for successful cloud implementation. This understanding will assist virtual banks in setting goals and developing workstreams for successful cloud migration.

  • in podcast
  • 3 min read

FinTech Security and Regulation Suggestions

Welcome to Continuous Improvement, the podcast where we explore strategies and insights for enhancing various industries through continuous improvement. I'm your host, Victor, and today we'll be diving into the fascinating world of Virtual Banking in Singapore's financial industry.

Virtual banking has undoubtedly reshaped the way we think about financial services. However, with innovation comes the need for effective regulation to manage risks and ensure the smooth functioning of the market. In today's episode, we'll be discussing the delicate balance between Virtual Banking innovation and regulation, and I'll be sharing some valuable advice for regulators in Singapore.

But before we dive in, let's understand the motivations behind regulation in the fintech industry. Uncertainty, resource conflict, disruption, and unforeseen events are some of the key drivers that lead regulators to assess the risks associated with emerging technologies.

Now, the adoption of cloud technologies has certainly revolutionized the financial system, offering unprecedented potential. However, it also brings new risks that require safeguards to prevent system collapse. This is where insightful regulation plays a crucial role.

When it comes to regulating the fintech industry, regulators can consider three approaches: rule-based, principles-based, and performance-based systems.

In a rule-based system, strict rules and processes are set by the regulatory authority, leaving little room for interpretation. On the other hand, a principles-based system provides guiding principles for market players, allowing them some freedom in achieving their regulatory responsibilities. Lastly, a performance-based system sets specific benchmarks for market participants to meet or exceed.

Now, each approach has its own benefits and challenges, but finding the right balance is vital for Singapore's fintech industry to thrive.

The Monetary Authority of Singapore, also known as MAS, aims to position Singapore as an experimental center for fintech innovation. Their long-term goal is to attract fintech innovators to the Asia-Pacific region. To achieve this, MAS has embraced the use of regulatory technology, or reg-tech, to streamline compliance processes and foster a conducive environment for innovation.

But what about virtual banks themselves? How can they navigate the evolving regulatory landscape? It all starts with establishing an open and respectful relationship between policymakers and stakeholders in the fintech field.

MAS has already taken steps to address this by amending its Guidelines on Outsourcing for Financial Institutions. These guidelines acknowledge that virtual banks can benefit from cloud services. However, they also require due diligence, robust governance, and risk management processes to be in place when utilizing cloud services.

Cloud security is of utmost importance, and regular reviews of cloud security environments should be conducted. Compliance with industry certifications such as ISO 27001, ISO 27017, ISO 27018, MTCS Level 3, and PCI DSS Level 1 ensures the highest level of security standards.

Additionally, MAS provides guidance on risk management techniques and expects financial institutions to comply with these guidelines and report their compliance accordingly.

In conclusion, successful cloud implementation for virtual banks requires a deep understanding of their current and desired states. Proper goal-setting and the development of workstreams specific to cloud migration are crucial.

By embracing innovation while maintaining effective regulation, Singapore can become a hub for virtual banking and secure its position as a fintech powerhouse in the Asia-Pacific region.

That's all for today's episode of Continuous Improvement. I hope you gained valuable insights into the relationship between Virtual Banking and regulation in Singapore's financial industry. Stay tuned for future episodes where we explore more strategies for enhancing various industries through continuous improvement.

Thank you for listening, and until next time, I'm Victor signing off.

  • in zh
  • 1 min read

金融科技安全與監管建議

我想提供建議,指導當局如何處理新加坡金融業的虛擬銀行應用。由於銀行業高度監管的性質,虛擬銀行創新與監管之間的關係經常處於緊張狀態。大家普遍認同,監管機構是必要的,可以減少與新的商業模式和金融產品相關的風險和未預見的後果。我建議監管機構與金融科技行業的快速變化保持步調。

虛擬銀行給監管市場參與者運營方式的監管機構帶來了新的問題。這使得監管機構必須仔細評估金融服務行業新興技術帶來的風險。雖然雲技術提供了前所未有的可能性,但也帶來了新的風險。

應考慮四大監管的動機:不確定性,資源衝突,破壞性和未預見的事件,以及公眾利益。採用雲技術將徹底改變金融系統的運營方式,需要采取保護措施防止因未預見的事件導致的系統崩潰。

更具體地說,應該採取預防性措施,保護虛擬銀行消費者免受完全市場驅動系統的弊端。在金融科技部門內進行監控有許多好處,但實施有效的監管仍然面臨重大挑戰。

許多市場參與者可能對監管持懷疑態度,認為這可能阻礙他們的前景或運營。因此,為金融科技行業實施具有洞察力的監管並不會一帆風順。監管機構可以考慮三種對金融科技創新的方法:

  1. 基於規則的系統:監管機構設定嚴格的規則和程序,市場參與者必須遵守。

  2. 基於原則的系統:監管機構提供指導市場參與者的原則,允許他們在履行其監管責任時有一定的自由。

  3. 基於績效的系統:監管機構為市場參與者設定特定的標準,市場參與者需要達到或超越這些標準。

這些方法可以幫助新加坡金融科技行業蓬勃發展。謹慎的監管培育了創新的理想環境,建立信任和促進新的消費品和服務的普及接受。新加坡金融管理局(MAS)的目標是使新加坡成為金融科技創新的“實驗中心”,符合其長期吸引亞太地區金融科技創新者的目標。

在理想狀態下,人們不必在創新和監管之間做出選擇。虛擬銀行可以利用創新技術來簡化監管合規。新興的監管科技(reg-tech)行業提供軟件解決方案,幫助監管機構更高效地行使職責。

隨著監管風景的變化,現有和未來的虛擬銀行需要為日常監管業務的變更做好準備。在政策制定者和金融科技領域的相關人士之間建立開放,尊重的工作關係對於有效採用虛擬銀行至關重要。

在2016年7月,MAS修改了其對金融機構(FI)外包的指導方針,以認識到金融機構可能從雲服務中受益。這些指導方針要求金融機構在使用雲服務時進行盡職調查並實施強健的管治和風險管理流程。

雲安全環境應定期審查,服務應遵從多種行業認證。例如,ISO 27001概述了安全管理的最佳實踐,而ISO 27017和ISO 27018提供了針對雲的具體安全建議。此外,MTCS Level 3和PCI DSS Level 1為新加坡和支付卡行業提供了更進一步的安全標準。

通過將以治理為中心,適合審核的功能與認證和審核標準結合,監管機構可以確保雲供應商的安全控制環境。

MAS指導方針提供了風險管理技巧的建議,包括對雲服務的盡職調查和風險評估。預計金融機構將遵循這些指導方針,並每年或按要求向MAS報告其合規情況。

MAS的技術風險管理(TRM)指導方針和新加坡銀行協會(ABS)雲計算實施指南為雲外包的風險管理,管治和控制提供了額外的指導。

總的來說,每家虛擬銀行走向雲技術的道路都是獨特的。虛擬銀行需要理解他們的現狀,期望狀態,以及從一種狀態過渡到另一種狀態所需的步驟,以便成功實施雲技術。這種理解將幫助虛擬銀行設定目標並開發工作流程,以實現成功的雲遷移。

  • 6 min read

FinTech Security and Regulation

As a FinTech consultant, I am conducting a study on the security and regulation of virtual banking in the US financial sector. The federal and state governments in the United States have various agencies that regulate and oversee financial markets and businesses. Each of these agencies has a distinct set of tasks and responsibilities, allowing them to operate independently while pursuing similar objectives.

The United States operates under a "dual banking system," meaning that banks can be chartered by either one of the 50 states or by the federal government. Regardless of who charters the bank, it will have at least one federal supervisor. Below is a list of US banking regulations that virtual banks must adhere to.

Firstly, the Gramm-Leach-Bliley Act (GLBA) mandates that financial institutions—companies providing financial products or services like loans, financial or investment advice, or insurance—inform their customers about their information-sharing practices and protect sensitive data.

The principal data protection elements of the GLBA are outlined in the Safeguards Rule. The FTC's Privacy of Consumer Financial Information Rule (Privacy Rule) supplements the GLBA by providing additional privacy and security requirements. The GLBA is enforced by the FTC, federal banking agencies, other federal regulatory bodies, and state insurance oversight agencies.

For instance, the Safeguards Rule (16 CFR 314) requires financial institutions under FTC jurisdiction to have safeguards for protecting client information. Companies subject to this rule must ensure that their affiliates and service providers maintain customer data securely and implement their own protective measures.

Additionally, the Financial Privacy Rule (16 CFR Part 313) requires financial institutions to issue specific notices and adhere to certain limitations on the dissemination of nonpublic personal information. Unless an exception applies, financial institutions must inform both affiliated and non-affiliated third parties about their privacy policies and practices and allow consumers to opt out of sharing their nonpublic personal information with nonaffiliated third parties.

Secondly, the California Consumer Privacy Act of 2018 (CCPA) grants consumers more control over personal data collected by organizations. California consumers now have new privacy rights, including the right to know what personal information a business collects and how it is used and shared; the right to request the deletion of collected personal information (with some exceptions); the right to opt out of the sale of their personal information; and the right to non-discriminatory treatment for exercising their CCPA rights.

In November 2020, Californians voted to enact the California Privacy Rights Act (CPRA), which significantly expands existing privacy rules and will take effect on January 1, 2023. It's worth noting that the current "business-to-business" and "HR" exceptions will expire on the same date, making the full range of CPRA standards applicable to these types of personal information, which are currently largely exempt from the CCPA.

Thirdly, the NYDFS Cybersecurity Regulation (23 NYCRR 500) imposes strict cybersecurity standards on financial institutions in New York. Under this regulation, entities like banks, mortgage companies, and insurance providers must implement comprehensive cybersecurity plans and policies and maintain ongoing reporting systems for cybersecurity events.

Fourthly, the Information Technology Examination Handbook's "Outsourcing Technology Services Booklet" offers guidelines to help examiners and bankers evaluate the risk management processes involved in establishing, managing, and monitoring IT outsourcing relationships. Federal financial regulators have the authority to oversee all activities and records of a financial institution, whether performed by the institution itself or by a third party.

Fifthly, another section of the Information Technology Examination Handbook, the "Information Security" booklet, provides guidance on assessing the level of security risks to a financial institution's information systems. It encourages institutions to maintain robust information security programs that are supported by board and senior management, integrated into business processes, and clearly accountable for security tasks.

Sixthly, the Consumer Financial Protection Bureau (CFPB) has issued guidelines for its Information Technology Examination Procedures under Compliance Management Review. While institutions can outsource operational aspects of a product or service, they cannot delegate the responsibility for ensuring compliance with federal consumer financial regulations or managing the risks associated with service provider agreements.

In summary, virtual banks operating in the United States must comply with all the aforementioned regulations. This involves interpreting the rules, clarifying them, and preparing the necessary documentation. To achieve compliance, virtual banks will need to thoroughly analyze these requirements and take the appropriate steps to meet them.

Some of the key bank regulations in the United States include the following:

  1. Regulation B: This regulation aims to prevent discrimination in the credit application process. It outlines the procedures lenders must follow when obtaining and processing credit information. Under this regulation, lenders are prohibited from discriminating based on age, gender, race, nationality, or marital status.

  2. Community Reinvestment Act of 1977 via Rule BB: This Federal Reserve regulation encourages banks to lend to low- and moderate-income borrowers. It also requires institutions to disclose the communities they intend to serve and the types of credit they are willing to offer there.

  3. Home Mortgage Disclosure Act of 1975 via Regulation C: This regulation mandates that many financial institutions annually provide loan data about the communities to which they have offered residential mortgages.

  4. Regulation CC: This rule requires depository institutions to make funds available within specified time periods and inform customers about their funds' availability practices. It also includes measures to expedite the collection and return of unpaid checks.

  5. Regulation D: This regulation imposes reserve requirements on certain deposits and other liabilities of depository institutions for monetary policy purposes.

  6. Regulation DD: Financial institutions are obligated to inform customers about annual percentage yields, interest rates, minimum balance requirements, account opening disclosures, and fee schedules. This regulation applies to personal accounts, not corporate or organizational accounts.

  7. Regulation E: This regulation establishes standards for electronic funds transfers, specifying the responsibilities of both consumers and financial institutions. It covers actions consumers must take to report issues and the steps banks must follow to offer remedies.

  8. Regulation H: This rule requires member banks to implement security measures against specific offenses, as outlined by the Bank Protection Act. Member banks are also required to report suspicious activities under this regulation.

  9. Servicemembers Civil Relief Act (SCRA): This federal law protects military personnel as they prepare to enter active service, covering a range of topics such as rental agreements, evictions, and interest rates on various forms of credit.

  10. Bank Secrecy Act (BSA): Also known as the Currency and Foreign Transactions Reporting Act, this regulation mandates that financial institutions report certain cash transactions exceeding $10,000.

  11. Unlawful Gambling Enforcement Act (UIGEA/Regulation GG): This regulation prohibits transactions related to illegal internet gambling.

  12. Regulation M: Known as Subchapter M, this IRS regulation allows investment companies to pass on capital gains, dividends, and interest to individual investors without double taxation.

  13. Regulation O: This rule limits the credit extensions that a member bank can offer to its executive officers, major shareholders, and directors.

  14. Regulation T: This regulation governs investor cash accounts and the credit that brokerages may extend for the purchase of securities.

  15. Regulation U: This regulation restricts the leverage that can be used in buying securities with loans secured by those securities.

  16. Regulation V: This rule requires all entities that provide information to consumer reporting agencies to ensure the information is accurate.

  17. Regulation W: This Federal Reserve regulation restricts certain transactions between banks and their affiliates.

  18. Regulation X: This sets credit limits for foreign individuals or organizations purchasing U.S. Treasury securities.

  19. Regulation Y: This governs the conduct of corporate bank holding companies and some state-member banks.

  20. Regulation Z: Also known as the Truth in Lending Act, this regulation aims to ensure that loan terms are communicated clearly, enabling consumers to easily compare credit arrangements.

In conclusion, the above overview outlines the U.S. banking authorities and regulations that virtual banks must comply with.

  • in podcast
  • 3 min read

FinTech Security and Regulation

Welcome back to Continuous Improvement, the podcast where we explore the world of finance, technology, and innovation. I'm your host, Victor, and in today's episode, we're diving into the fascinating world of virtual banking regulations in the United States.

As a FinTech consultant, I've been studying the security and regulation landscape in the US financial sector, specifically in relation to virtual banking. The US operates under a unique "dual banking system," which means banks can be chartered by either one of the 50 states or by the federal government. But regardless of who charters the bank, there are regulations that virtual banks must adhere to.

Let's start with the Gramm-Leach-Bliley Act, commonly known as the GLBA. This act mandates that financial institutions inform their customers about their information-sharing practices and protect sensitive data. The GLBA is enforced by the Federal Trade Commission (FTC), federal banking agencies, other regulatory bodies, and state insurance oversight agencies.

Under the GLBA, financial institutions must have safeguards in place to protect client information. These safeguards extend to their affiliates and service providers as well. Additionally, financial institutions must issue specific notices and adhere to limitations on the dissemination of nonpublic personal information.

Now, let's move to the California Consumer Privacy Act, or CCPA. This act grants consumers more control over their personal data collected by organizations. It provides rights such as knowing what data is collected and how it is used, requesting the deletion of personal information, opting out of the sale of personal information, and non-discriminatory treatment.

California voters also approved the California Privacy Rights Act, or CPRA, which expands existing privacy rules further. However, some exemptions will expire on January 1, 2023, making the full range of CPRA standards applicable.

Moving on, the NYDFS Cybersecurity Regulation imposes strict cybersecurity standards on financial institutions in New York. Banks, mortgage companies, and insurance providers must implement comprehensive cybersecurity plans and maintain reporting systems for cybersecurity events.

When it comes to outsourcing technology services, there are guidelines outlined in the Information Technology Examination Handbook. Financial regulators have the authority to oversee all activities and records, ensuring compliance with federal consumer financial regulations.

And let's not forget the Consumer Financial Protection Bureau, which has its own guidelines for information technology examination procedures. While aspects of a product or service can be outsourced, the responsibility for compliance with regulations cannot be delegated.

To summarize, virtual banks operating in the US must comply with various regulations related to data protection, privacy, cybersecurity, and financial operations. This includes the Gramm-Leach-Bliley Act, the California Consumer Privacy Act, NYDFS Cybersecurity Regulation, outsourcing guidelines from the Information Technology Examination Handbook, and more.

Understanding and adhering to these regulations is crucial for virtual banks to protect their customers' information, maintain compliance, and build trust in the financial sector.

That's it for today's episode of Continuous Improvement. I hope you found this overview of virtual banking regulations in the US insightful. Stay tuned for more episodes where we explore the latest trends, challenges, and innovations in the world of finance and technology.

As always, I'm your host Victor, and thank you for listening to Continuous Improvement.

  • in zh
  • 6 min read

FinTech Security and Regulation

As a FinTech consultant, I am conducting a study on the security and regulation of virtual banking in the US financial sector. The federal and state governments in the United States have various agencies that regulate and oversee financial markets and businesses. Each of these agencies has a distinct set of tasks and responsibilities, allowing them to operate independently while pursuing similar objectives.

The United States operates under a "dual banking system," meaning that banks can be chartered by either one of the 50 states or by the federal government. Regardless of who charters the bank, it will have at least one federal supervisor. Below is a list of US banking regulations that virtual banks must adhere to.

Firstly, the Gramm-Leach-Bliley Act (GLBA) mandates that financial institutions—companies providing financial products or services like loans, financial or investment advice, or insurance—inform their customers about their information-sharing practices and protect sensitive data.

The principal data protection elements of the GLBA are outlined in the Safeguards Rule. The FTC's Privacy of Consumer Financial Information Rule (Privacy Rule) supplements the GLBA by providing additional privacy and security requirements. The GLBA is enforced by the FTC, federal banking agencies, other federal regulatory bodies, and state insurance oversight agencies.

For instance, the Safeguards Rule (16 CFR 314) requires financial institutions under FTC jurisdiction to have safeguards for protecting client information. Companies subject to this rule must ensure that their affiliates and service providers maintain customer data securely and implement their own protective measures.

Additionally, the Financial Privacy Rule (16 CFR Part 313) requires financial institutions to issue specific notices and adhere to certain limitations on the dissemination of nonpublic personal information. Unless an exception applies, financial institutions must inform both affiliated and non-affiliated third parties about their privacy policies and practices and allow consumers to opt out of sharing their nonpublic personal information with nonaffiliated third parties.

Secondly, the California Consumer Privacy Act of 2018 (CCPA) grants consumers more control over personal data collected by organizations. California consumers now have new privacy rights, including the right to know what personal information a business collects and how it is used and shared; the right to request the deletion of collected personal information (with some exceptions); the right to opt out of the sale of their personal information; and the right to non-discriminatory treatment for exercising their CCPA rights.

In November 2020, Californians voted to enact the California Privacy Rights Act (CPRA), which significantly expands existing privacy rules and will take effect on January 1, 2023. It's worth noting that the current "business-to-business" and "HR" exceptions will expire on the same date, making the full range of CPRA standards applicable to these types of personal information, which are currently largely exempt from the CCPA.

Thirdly, the NYDFS Cybersecurity Regulation (23 NYCRR 500) imposes strict cybersecurity standards on financial institutions in New York. Under this regulation, entities like banks, mortgage companies, and insurance providers must implement comprehensive cybersecurity plans and policies and maintain ongoing reporting systems for cybersecurity events.

Fourthly, the Information Technology Examination Handbook's "Outsourcing Technology Services Booklet" offers guidelines to help examiners and bankers evaluate the risk management processes involved in establishing, managing, and monitoring IT outsourcing relationships. Federal financial regulators have the authority to oversee all activities and records of a financial institution, whether performed by the institution itself or by a third party.

Fifthly, another section of the Information Technology Examination Handbook, the "Information Security" booklet, provides guidance on assessing the level of security risks to a financial institution's information systems. It encourages institutions to maintain robust information security programs that are supported by board and senior management, integrated into business processes, and clearly accountable for security tasks.

Sixthly, the Consumer Financial Protection Bureau (CFPB) has issued guidelines for its Information Technology Examination Procedures under Compliance Management Review. While institutions can outsource operational aspects of a product or service, they cannot delegate the responsibility for ensuring compliance with federal consumer financial regulations or managing the risks associated with service provider agreements.

In summary, virtual banks operating in the United States must comply with all the aforementioned regulations. This involves interpreting the rules, clarifying them, and preparing the necessary documentation. To achieve compliance, virtual banks will need to thoroughly analyze these requirements and take the appropriate steps to meet them.

Some of the key bank regulations in the United States include the following:

  1. Regulation B: This regulation aims to prevent discrimination in the credit application process. It outlines the procedures lenders must follow when obtaining and processing credit information. Under this regulation, lenders are prohibited from discriminating based on age, gender, race, nationality, or marital status.

  2. Community Reinvestment Act of 1977 via Rule BB: This Federal Reserve regulation encourages banks to lend to low- and moderate-income borrowers. It also requires institutions to disclose the communities they intend to serve and the types of credit they are willing to offer there.

  3. Home Mortgage Disclosure Act of 1975 via Regulation C: This regulation mandates that many financial institutions annually provide loan data about the communities to which they have offered residential mortgages.

  4. Regulation CC: This rule requires depository institutions to make funds available within specified time periods and inform customers about their funds' availability practices. It also includes measures to expedite the collection and return of unpaid checks.

  5. Regulation D: This regulation imposes reserve requirements on certain deposits and other liabilities of depository institutions for monetary policy purposes.

  6. Regulation DD: Financial institutions are obligated to inform customers about annual percentage yields, interest rates, minimum balance requirements, account opening disclosures, and fee schedules. This regulation applies to personal accounts, not corporate or organizational accounts.

  7. Regulation E: This regulation establishes standards for electronic funds transfers, specifying the responsibilities of both consumers and financial institutions. It covers actions consumers must take to report issues and the steps banks must follow to offer remedies.

  8. Regulation H: This rule requires member banks to implement security measures against specific offenses, as outlined by the Bank Protection Act. Member banks are also required to report suspicious activities under this regulation.

  9. Servicemembers Civil Relief Act (SCRA): This federal law protects military personnel as they prepare to enter active service, covering a range of topics such as rental agreements, evictions, and interest rates on various forms of credit.

  10. Bank Secrecy Act (BSA): Also known as the Currency and Foreign Transactions Reporting Act, this regulation mandates that financial institutions report certain cash transactions exceeding $10,000.

  11. Unlawful Gambling Enforcement Act (UIGEA/Regulation GG): This regulation prohibits transactions related to illegal internet gambling.

  12. Regulation M: Known as Subchapter M, this IRS regulation allows investment companies to pass on capital gains, dividends, and interest to individual investors without double taxation.

  13. Regulation O: This rule limits the credit extensions that a member bank can offer to its executive officers, major shareholders, and directors.

  14. Regulation T: This regulation governs investor cash accounts and the credit that brokerages may extend for the purchase of securities.

  15. Regulation U: This regulation restricts the leverage that can be used in buying securities with loans secured by those securities.

  16. Regulation V: This rule requires all entities that provide information to consumer reporting agencies to ensure the information is accurate.

  17. Regulation W: This Federal Reserve regulation restricts certain transactions between banks and their affiliates.

  18. Regulation X: This sets credit limits for foreign individuals or organizations purchasing U.S. Treasury securities.

  19. Regulation Y: This governs the conduct of corporate bank holding companies and some state-member banks.

  20. Regulation Z: Also known as the Truth in Lending Act, this regulation aims to ensure that loan terms are communicated clearly, enabling consumers to easily compare credit arrangements.

In conclusion, the above overview outlines the U.S. banking authorities and regulations that virtual banks must comply with.

  • 3 min read

My Operating Manual as a Manager

I recently completed an online course on becoming a Complete Manager. One valuable lesson was the importance of creating an operating manual explicitly designed to help others understand the best ways to work with me. The manual serves to accelerate relationship-building with my teammates. I share it during one-on-one conversations, reinforcing the resiliency of my relationships and enabling quicker trust repair in the event of conflicts.

Ways of Working - Communication

Preferences for Receiving Feedback

  • Be honest and assume positive intent.
  • No surprises. Communicate issues early and often; I can't fix what I don't know.
  • Be specific and use examples rather than vague arguments. Make any assumptions about me explicit.

Preferences for Giving Feedback

  • Opt for 1:1 private meetings over group settings.
  • Base discussions on facts rather than subjective biases. Be rational, not emotional.
  • Provide constructive suggestions.

Forms of Communication

  • Use Slack for internal team messages and respond as promptly as possible. Quick questions will come via Slack.
  • Utilize email for external clients and Google Meet for extended discussions. Please provide advance notice so I can prepare.
  • Reserve in-person interactions for social activities and team building. I won't contact my team via WhatsApp during non-office hours.

Ways of Working - Time Management

  • My peak focus time for independent work like software development or document writing is in the morning. Feel free to interrupt for urgent matters.
  • I collaborate best in the afternoons during team meetings or casual catch-ups for team-building activities.

Calendar Scheduling

  • Send Google Calendar invites and either accept or reject them. If the timing isn't ideal, propose a new time.
  • If you can't attend, decline the invite in advance and offer a brief explanation.
  • I generally arrive on time for meetings. If I anticipate being late, I'll inform you via Slack.

Ways of Working - Information

Preference for Digesting Information

  • I prefer reading to listening, as it allows me to process information more quickly.
  • For detailed answers requiring analysis, communicate asynchronously. For quick guesses, synchronous communication is fine.

Making Meetings Successful

  • Limit group size to fewer than nine people for meaningful conversation.
  • Keep meetings within an hour, focusing on interaction over process.
  • Be open-minded and ready to pivot when necessary.

Ways of Working - Getting it Right

What People Often Get Right About Me

  • I'm an introvert; networking events drain me quickly.
  • I'm a continuous learner with two master's degrees and various IT certifications.
  • I work more efficiently in an office than at home.

What People Often Underestimate About Me

  • My language skills are useful for APAC sales presentations.
  • Despite being introverted, I have a sense of humor and enjoy team camaraderie.
  • I am ambitious and goal-oriented, influenced by an Asian cultural emphasis on humility.

Ways of Working - What I Value Most

  • Continuous improvement: Competence is the foundation of good management.
  • Servant leadership: Team success over personal gains.
  • Agile mindset: Flexibility and adaptability in a dynamic work environment.

Ways of Working - Relationship

When Relationships are at Their Best

  • Diverse skills with clear roles and responsibilities.
  • Democratic decision-making and consensus-building.
  • Transparency, trust, and a harmonious atmosphere.

When Relationships are Frustrating or Stressful

  • Show empathy and avoid the blame game during frustrating times.
  • Don't distract with frequent status updates when I'm focused on challenging tasks.

In summary, this operating manual is an evolving document that reflects my management style and learning. If you'd like to discuss anything further, please feel free to reach out. I'm eager to collaborate with you.

  • in podcast
  • 3 min read

My Operating Manual as a Manager

Welcome to "Continuous Improvement," the podcast dedicated to helping you grow and succeed as a manager. I'm your host, Victor, and today we're diving into the topic of creating an operating manual to enhance relationships in the workplace.

I recently completed an online course on becoming a Complete Manager, and one valuable lesson I learned was the importance of having an operating manual. This manual is designed to help others understand the best ways to work with me and accelerate relationship-building with my teammates.

Communication is the foundation of any successful team, and that's why I've outlined my preferences for giving and receiving feedback in my manual. It's important to be honest and assume positive intent, and to communicate issues early and often. Remember, I can't fix what I don't know.

When giving feedback, it's best to opt for one-on-one private meetings and base discussions on facts rather than subjective biases. By providing constructive suggestions, we can all grow and improve together.

In terms of communication channels, I prefer using Slack for internal team messages and responding as promptly as possible. Quick questions are best suited for Slack, while email is preferred for external clients. For extended discussions, let's utilize Google Meet, but please provide advance notice so I can prepare.

Moving on to time management, it's important to understand each other's peak focus times for independent work. For me, that's in the morning, so feel free to interrupt for urgent matters during that time. Collaboration and team meetings tend to work best for me in the afternoon.

When it comes to calendar scheduling, send Google Calendar invites and either accept or reject them. If the timing isn't ideal, propose a new time. And if you can't attend a meeting, please decline the invite in advance and offer a brief explanation.

We all have different preferences for digesting information, and for me, reading allows me to process information more quickly. Asynchronous communication is preferred for detailed answers requiring analysis, while synchronous communication is fine for quick exchanges.

Making meetings successful is crucial to our productivity. Let's limit group size to fewer than nine people for meaningful conversation, keep meetings within an hour, and focus on interaction over process. And remember, be open-minded and ready to pivot when necessary.

It's important to understand what people often get right about me and what they may underestimate. I'm an introvert, so networking events drain me quickly, but I have a sense of humor and enjoy team camaraderie. And despite my humility, I am ambitious and goal-oriented.

My operating manual also reflects what I value most as a manager. Continuous improvement is the foundation of good management, with a focus on competence. I also believe in servant leadership – prioritizing team success over personal gains. And in our dynamic work environment, having an agile mindset is crucial.

Understanding the dynamics of relationships is key to a harmonious team. When relationships are at their best, there are clear roles and responsibilities, democratic decision-making, and a transparent and trusting atmosphere. During frustrating times, let's show empathy and avoid the blame game.

In summary, my operating manual is a living and evolving document that reflects my management style and learning. If you have any questions or want to discuss anything further, please feel free to reach out. I'm eager to collaborate with you.

And that concludes today's episode of "Continuous Improvement." Thank you for tuning in, and remember, a successful manager is always striving to improve. Join us next time as we explore more ways to grow in your managerial journey. Take care, and stay focused on continuous improvement.

  • in zh
  • 1 min read

作為經理的操作手冊

我最近完成了一門成為完整經理的在線課程。一個寶貴的課程,就是創建一份明確設計來幫助其他人理解與我一起工作的最佳方式的操作手冊的重要性。這份手冊有助於加強我與我的團隊成員建立關係。我在一對一的對話中分享這份手冊,進一步強化我的關係的韌性,且在衝突發生時能更快地恢復信任。

工作方式 -溝通

接收反饋的偏好

  • 誠實且總是樂觀地面對。
  • 沒有驚喜。提早且經常性地溝通問題;我無法修正我不知道的事情。
  • 具體且使用實例而不是模糊的爭論。將對我任何假設明確表達。

給予反饋的偏好

  • 選擇在1對1的私人會議中,而不是在團隊的設定中。
  • 基於事實而不是主觀偏見來討論。應該理性,而不是情緒化。
  • 提供建設性的建議。

溝通的方式

  • 使用Slack作為團隊內部信息,並盡快回覆。快問題將透過Slack 提出。
  • 使用電子郵件來應對外部客戶和Google Meet進行深入討論。提前通知我以便我做好準備。
  • 保留在離線互動的社交活動和團隊建設。我不會在非辦公時間透過 WhatsApp 聯繫我的團隊。

工作方式 -時間管理

  • 我最佳的獨立工作,如軟件開發或文件撰寫的集中時間是在早晨。如有急事,請隨時打斷我。
  • 我在下午的團隊會議或隨和的聊天中最佳的合作時間,這些都是團隊建設活動。

日曆安排

  • 發送Google日曆邀請,並接受或拒絕他們。如果時間不佳,提議新的時間。
  • 如果你不能出席,請提前拒絕邀請並提供簡短的說明。
  • 我通常會準時到達會議。如果我預見將會遲到,我將通過Slack 通知您。

工作方式 -信息

消化信息的偏好

  • 我寧願閱讀而不是聆聽,因為這讓我更快地處理信息。
  • 對於需要分析的詳細答案,進行異步溝通。對於快速的猜測,同步溝通就可以。

讓會議得到成功的方法

  • 把團隊規模限制在少於九人以進行有意義的對話。
  • 保持會議在一小時內,更加注重互動而不是過程。
  • 保持開放的心態,做好變革的準備。

工作方式 -做對的事情

人們常常對我做對的事情

  • 我是一個內向的人;社交活動消耗我相當多的精力。
  • 我是一個持續學習的人,有兩個碩士學位和各種IT證書。
  • 我在辦公室的工作效率比在家裡更高。

人們常常低估我

  • 我的語言技能對於APAC地區的銷售呈現非常有用。
  • 儘管是個內向的人,我有幽默感並喜歡團隊的歡愉。
  • 我是一個有雄心且以目標為導向的人,受亞洲文化對謙虛的強調影響。

工作方式 -我最重視的事情

  • 持續的改進:能力是良好管理的基礎。
  • 公僕領導者:團隊的成功高於個人的收益。
  • 敏捷的心態:在動態工作環境中的靈活性和適應性。

工作方式 -關係

當關係在最佳狀態時

  • 不同的技能具有明確的角色和責任。
  • 民主的決策製定和共識建立。
  • 透明度,信任和和諧的氣氛。

當關係令人沮喪或壓力時

  • 在受挫的時候要展示同情並避免指責遊戲。
  • 不要在我專注努力的任務時用狀態更新干擾我。

總的來說,這份操作手冊是一份關於我的管理風格和學習的進化文檔。如果您願意進一步討論任何事情,請隨時與我聯繫。我非常期待與您合作。