Paper Example on Capital One Inc.'s Business Model: Federal & State Regulations

Paper Type:  Case study
Pages:  5
Wordcount:  1217 Words
Date:  2023-09-20

Business models involve structures that have been set up by organizations that act as the set protocols or standards for certain practices in business (Rainer, 2008). In some cases, some of the business may need to use regulations set aside by the federal laws or the state. The capital one Inc. is a firm regulated by both the state as well as the federal laws which demand certain measures of security settings. In particular, banks need to assume a give set up for them to be compliant due to certain customer information as well as the level of the private data contained by the bank. Therefore, Capital One sets their requirements above what the federal laws and the state requires to ensure the security of customer data. The company has been yearning to promote a higher level of customers’ protection.

Trust banner

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

The efforts of security efforts in Capital One incorporate card only access to the buildings without the access of customers. The company demands that every employee needs to have a username as well as a password to be granted access to the computers and the VPN passwords that acts as the essential tokens for remote work. The stated passwords are subject to change after every three months which is an automated requirement which has been set forth by the company’s infrastructure giving notification to the employees that the stated three months is coming to an end and will hence give about ten days to rule out any change before not giving a chance to the employees to have access until it is well updated for it to be effective.

Every employee is needed to have an annual review of compliance training as well as the requirement of security materials, including the company changes or the regulations by the government. Besides, training in business ethics, as well as organizational regulations, are also needed, which ensures that all the workers are notified fairly and expected to have a comprehension of certain levels of policies within the company. After the review, they will hence participate in an exam and go through testing on the capability of understanding the material. The exam should be passed with a mark of at least 70%, which will be completed and also counted.

The accessibility of the employees is done basing on job tasks. For instance, the users under the department of fraud will have access to the databases of the customers and also can look up on the private data. However, employees in the marketing department will not have access to certain personal information for the customers but will be able to access the files of the marketing art and also specification requirements for the company’s information.

The employees who have a close relation with the customers will have other training requirements with the inclusion of the scenarios of customer interaction and also understanding of proper ethical conduct when talking to their customers. The workers in the company also need to have a verification of the identity of customers by asking certain questions that relate to the account with the use of the personal identification material. On the other hand, the customers have requirements that reveal identification after they communicate with the teller to have access to the account, or the requirement is for the customer to have a username and password just in case the customer uses online banking.

The company is depicted to be used across the world, meaning that the regulations are different in relation to every local government. Every state has got certain requirements for protection as well as the federal level in addition to other nations, and hence Capital One will have to have to comply with each. The laws which must be followed by the banks include the bank secrecy Act, Electronic Funds Transfer Compliance, Fair reporting and Fair Debt Collection falling under the commission of Federal Trade, and the US Patriot Act (Spilman, 2017). Some of the banks engaging in healthcare activities are required to meet the compliance standards of the Health Insurance Portability and Accountability Act (HIPAA).

Information Systems Evaluation

The act of complaint maintenance with the laws and regulations which have been set for, banking sector, the processes of banking need to establish the system type which is able to check regular fraudulent activity. Therefore, the company’s employees have been trained, but also the security measures, as well as the systems, are implemented within the network. The buildings in Capital One Company have their firewalls as well as the security software installed that is required on all the machines and is also under tight security teams’ monitoring.

Cyber Law

For any activity which is taken to be suspicious, it is a requirement by the employee to inform the proper channels, whether it is their manager or other departments, manager. The transactions of customers are flagged in case they are portrayed as suspicious, for instance, sending of huge amounts within the accounts or sometimes bouncing of bad checks. In case any account is flagged for the activity, it is then sent to the department of fraud, which further investigates the situation and makes a follow up on the activity. The bank will create a Proceed Report for a Suspicious Activity with a further review. For instance, a report of a suspicious business would need the department of fraud to run the name through the database for an additional activity to check on the business legitimacy.

Cyber Crime

The users of Capital One Company, both internal as well as external users, are given a special set of login information, which includes the password and the username. This will ensure that only the users are directly logged in to the database, which provides a basis for the company to know everyone who accesses specific information, and in a case where a user has not been authorized, then they may end up being flagged. In a case where an unauthorized user attempts to access it and is denied, then they will be locked out as well. The place whereby Capital One credit cards are made used for printing in California had certain special building access demands that weighed every worker on getting into and out of the company. The person would then be flagged if they weighed differently to a certain limit. In most cases where one weighed more leaving as compared to the one coming in, then this would reveal that they could be taking materials that are sensitive with them, which is not granted any chance to leave the building. Every task needs certain limits to accessing the banking material for Capital Ones, and not all the workers will access all the material.


Craig, B. (2013). Cyber Law: The Law of the Internet and Information Technology (1st Ed.). Upper Saddle River, NJ: Pearson Education, Inc.

Official Website of (2017). Federal Banking Regulations. Retrieved from

Official Website of (2017) Banks Can Be Subject to HIPAA Requirements - and HIPAA Penalties for Non-Compliance. Retrieved from

Rainer Jr, R. K., Snyder, C. A., & Carr, H. H. (2008). Risk analysis for information technology. Journal of Management information systems, 8(1), 129-147.

Cite this page

Paper Example on Capital One Inc.'s Business Model: Federal & State Regulations. (2023, Sep 20). Retrieved from

Free essays can be submitted by anyone,

so we do not vouch for their quality

Want a quality guarantee?
Order from one of our vetted writers instead

If you are the original author of this essay and no longer wish to have it published on the ProEssays website, please click below to request its removal:

didn't find image

Liked this essay sample but need an original one?

Hire a professional with VAST experience and 25% off!

24/7 online support

NO plagiarism