
Saturday, July 6, 2013

Compliance alone will not Secure the Bank

Banks scurry to meet compliance requirements; many have a team of professionals whose job is to meet those requirements and to convince the auditors that the bank is compliant.
A lot of energy is expended on ensuring SOX, ISO 27K and Basel compliance, along with the long list of regulatory requirements that banks need to comply with.
Let us focus on security. Many banks have an annual audit, and some of them may have a bi-annual audit.
Audits cost time and money, and financial risk management is more demanding than information security. The attitude is that technology is secure, "we have a firewall and anti-virus", and anyway it is not a board item in many banks.

Banks need to be able to Crow about their Security 
In the old days, information security in banks was bracketed under operational risk, but as banks rely more on technology, information risk management has come into its own and banks appoint a CSO, a CISO, a GRC team and so on. Many banks follow a prudent policy of separating IT risk management from the IT department and keeping it under the risk management department, which is a good practice.
But few banks consider investing in tools and resources that can perform continuous information audit on their information systems. In a fast-changing world where banks are held to ransom by organized crime, it is time that banks realized that compliance alone will not secure the bank.
It is time for banks to invest in SIEM tools, continuous audit and control tools, and a team to manage the presence of the bank in a hostile cyber world.
Banks that make the investment in securing themselves in a digital world will survive into the next decade, while others may perish.