Topic-specific policies
ISO/IEC 27562

Search this site

ISMS templates

< Previous standard      ^ Up a level ^      Next standard >


Feb new page added ISO/IEC 27562 — Information technology — Security techniques Privacy guidelines for fintech services [DRAFT]



The proposed 1st working draft states:

    “Fintech refers to the use of ICT technologies across all financial service functions, for example, banking, payments and insurance, etc.

    Fintech represents the next wave of innovation for the financial service sector. Strong authentication technologies, emerging decentralized technologies like blockchain, analytical technologies for fraud detection and anti-money laundering compliance are changing digital financial services. Privacy aspects must be the top priority in order to build trust and confidence in fintech services and applications and to protect financial infrastructure and customers. 

    AML (anti-money laundering) rules require the collection, processing and use of personal data as part of Customer due diligence (KYC). Fraud detections require transaction monitoring, behavioral monitoring, internal data sharing (including within a group), external data sharing (including with regulators and other financial institutions), data sharing for outsourced arrangements; and cross-border processing of data (especially for international payments). Consumers want to be able to control access to their information.

    This document should apply privacy principles described in ISO/IEC 29100:2011 as a starting point. The privacy guideline is to use the existing work on privacy framework (including NIST privacy framework: an enterprise risk management tool) and privacy impact assessment in ISO/IEC 29134:2017 to develop the guidelines.

    It will identify all relevant stakeholder and privacy risks, which are related to fintech services. It also considers regulatory requirements, such as those from anti-money laundering and fraud detection.”


Scope of the standard

Privacy aspects for financial services’ IT.



Content of the standard





A New Work Item was proposed in 2020 and approved in January 2021.

The 1st Working Draft has been proposed already.



Personal notes




< Previous standard      ^ Up a level ^      Next standard >

Copyright © 2021 IsecT Ltd.