Investigating the factors influencing information security compliance in a financial services firm

Management of information security is a major challenge for financial institutions today. Corporate Social responsibility is imperative sighting the ever escalating crime and abuse of information. As a result managers´ fiduciary duty to protect information is increasingly under scrutiny by national and international regulators. While measures have been put in place to ensure security and compliance, recent evidence suggests organisations still struggle to comply with regulations. A review of previous studies indicates fragmented work on compliance and the significance of the influencing factors has not been determined. This paper aims to create awareness of the regulatory frameworks governing the use of IT, and the factors influencing compliance with information security regulations in the financial sector in South Africa. A conceptual framework explaining the nature of factors influencing compliance was developed and tested in a case study of one financial institution. Mixed methods were used to collect and analyse the data. The results show that compliance is mainly influenced by culture and the influence of mimetic pressure insignificant. In addition, there appears to be much focus on international than national regulations. In particular, there is limited concern or awareness of the stringent ECT Act which regulates the use of electronic technology in South Africa.