About a-team Marketing Services
The knowledge platform for the financial technology industry
The knowledge platform for the financial technology industry

A-Team Insight Blogs

Focus on Resiliency on the Rise as Cyber Threats Grow

Subscribe to our newsletter

By Jason Harrell, Executive Director, Technology Risk Management & Head of Business and Government Cybersecurity Partnerships at DTCC.

Resiliency has rapidly moved up industry and regulatory agendas as the threat of material disruption within the financial services sector (“sector”), including the continued growth of cyber threats, has moved from unlikely to inevitable. Resiliency is the practices and disciplines that enable firms to provide products and services to the marketplace in the face of potentially disruptive events, regardless of the nature or origin of such events, by anticipating, preventing, recovering from, and adapting to such events.

Most organizations have committed significant resources to implementing strong cybersecurity controls that integrate new techniques and existing technologies with the more established risk management methods. However, these controls form only part of what is necessary to achieve a robust level of resiliency, due to the complexity of the marketplace, the connectedness driven by new market entrants, the digitalization of financial services, and the increased activity of well-funded, malicious threat actors.

Regulators and standard setting bodies (SSBs) continue to elevate their interest in this area. Many firms have adopted standards in the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), a collection of cybersecurity best practices and evaluation criteria. The NIST framework has become a key benchmark of a successful cybersecurity program. Leveraging the NIST CSF, the sector can also identify priority areas for improvement based on the expected level of control by the organization.

Building upon the NIST CSF, the Financial Services Sector Coordinating Council (FSSCC), a public-private partnership designed to protect the sector from cyber-attacks, recently introduced the Cybersecurity Profile. The Profile, developed in partnership with regulatory agencies, integrates supervisory expectations to help financial institutions demonstrate compliance with cyber risk management requirements. The Profile is a good example of a successful partnership between supervisors and the sector to decrease regulatory compliance costs, provide a means to measure each firm’s cybersecurity programs across the sector based on their size and criticality, and redeploy saved resources to protecting the organization.

Led by the Bank of England, the Prudential Regulation Authority, and the Financial Conduct Authority, who published a joint discussion paper detailing their collective views on what would be required to enhance an organization’s resiliency and the steps supervisors should take to support the sector, market supervisors have also begun to focus on resiliency. Additionally, action has been taken to strengthen resiliency across the EU, with ESMA evaluating the need for industry guidelines.

As the regulatory landscape continues to evolve, it is possible for different sets of regulatory guidelines to emerge, which make compliance difficult – and sometimes, impossible – for firms operating globally. To achieve regulatory consistency, regional supervisors should review existing international guidance and partner with the sector to coordinate resiliency-related requirements and outline how firms could meet them. Several frameworks, including the FSSCC Cybersecurity Profile, already exist in the marketplace and could build the foundation for a collaborative, global regulatory effort.

Equally important to a firm’s ability to improve resiliency is its ability to collaborate across the sector to share information, understand risks, identify new threats and develop coordinated responses between organizations. The Financial Systemic Analysis and Resiliency Center (FSARC), a partnership between the sector, the U.S. government, and other key sector partners, provides a controlled environment where the participants can securely collaborate. These collaborations strengthen the sector defences and increases its ability to consistently provide products and services to the marketplace.

These public-private collaborations also enhance market access on a global basis. The interconnectedness of the sector increases access to financial services, enhances customer experience, and promotes financial literacy. These benefits require a network of services that spans across borders and regulatory jurisdictions. The coordination of regulatory guidance and the ability to share differing levels of information through public-private partnerships are critical to providing consumer-centric environment and building further resiliency across the sector.

Subscribe to our newsletter

Related content

WEBINAR

Recorded Webinar: The keys to ESG data management success

The transition to a more environmentally and socially sustainable world has created an urgent and strategic priority for the banking and capital markets sector. Driven by stakeholder pressures from investors, regulators and customers to prioritise ESG considerations in their corporate agenda, ESG has accelerated digital transformation and brought a renewed focus on firms to improve...

BLOG

Audit Risk Platform Adds ESG Functions of Use to Investors

A regulatory risk assessment platform for UK-based auditors has been upgraded with ESG functions that can be used in financial institutions’ due diligence processes. RegTech provider Ideagen has made it possible for clients to isolate non-financial reporting requirements from a broader checklist of compliance expectations of companies large and small. The functionality has been created...

EVENT

ESG Data & Tech Briefing APAC

Join us in one of the greenest cities in the world as we bring together thought leading ESG specialists to explore how financial institutions are adapting to the evolving ESG regulatory and market infrastructure.

GUIDE

Regulatory Data Handbook 2019/2020 – Seventh Edition

Welcome to A-Team Group’s best read handbook, the Regulatory Data Handbook, which is now in its seventh edition and continues to grow in terms of the number of regulations covered, the detail of each regulation and the impact that all the rules and regulations will have on data and data management at your institution. This...