About a-team Marketing Services
The knowledge platform for the financial technology industry
The knowledge platform for the financial technology industry

A-Team Insight Blogs

Focus on Resiliency on the Rise as Cyber Threats Grow

Subscribe to our newsletter

By Jason Harrell, Executive Director, Technology Risk Management & Head of Business and Government Cybersecurity Partnerships at DTCC.

Resiliency has rapidly moved up industry and regulatory agendas as the threat of material disruption within the financial services sector (“sector”), including the continued growth of cyber threats, has moved from unlikely to inevitable. Resiliency is the practices and disciplines that enable firms to provide products and services to the marketplace in the face of potentially disruptive events, regardless of the nature or origin of such events, by anticipating, preventing, recovering from, and adapting to such events.

Most organizations have committed significant resources to implementing strong cybersecurity controls that integrate new techniques and existing technologies with the more established risk management methods. However, these controls form only part of what is necessary to achieve a robust level of resiliency, due to the complexity of the marketplace, the connectedness driven by new market entrants, the digitalization of financial services, and the increased activity of well-funded, malicious threat actors.

Regulators and standard setting bodies (SSBs) continue to elevate their interest in this area. Many firms have adopted standards in the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), a collection of cybersecurity best practices and evaluation criteria. The NIST framework has become a key benchmark of a successful cybersecurity program. Leveraging the NIST CSF, the sector can also identify priority areas for improvement based on the expected level of control by the organization.

Building upon the NIST CSF, the Financial Services Sector Coordinating Council (FSSCC), a public-private partnership designed to protect the sector from cyber-attacks, recently introduced the Cybersecurity Profile. The Profile, developed in partnership with regulatory agencies, integrates supervisory expectations to help financial institutions demonstrate compliance with cyber risk management requirements. The Profile is a good example of a successful partnership between supervisors and the sector to decrease regulatory compliance costs, provide a means to measure each firm’s cybersecurity programs across the sector based on their size and criticality, and redeploy saved resources to protecting the organization.

Led by the Bank of England, the Prudential Regulation Authority, and the Financial Conduct Authority, who published a joint discussion paper detailing their collective views on what would be required to enhance an organization’s resiliency and the steps supervisors should take to support the sector, market supervisors have also begun to focus on resiliency. Additionally, action has been taken to strengthen resiliency across the EU, with ESMA evaluating the need for industry guidelines.

As the regulatory landscape continues to evolve, it is possible for different sets of regulatory guidelines to emerge, which make compliance difficult – and sometimes, impossible – for firms operating globally. To achieve regulatory consistency, regional supervisors should review existing international guidance and partner with the sector to coordinate resiliency-related requirements and outline how firms could meet them. Several frameworks, including the FSSCC Cybersecurity Profile, already exist in the marketplace and could build the foundation for a collaborative, global regulatory effort.

Equally important to a firm’s ability to improve resiliency is its ability to collaborate across the sector to share information, understand risks, identify new threats and develop coordinated responses between organizations. The Financial Systemic Analysis and Resiliency Center (FSARC), a partnership between the sector, the U.S. government, and other key sector partners, provides a controlled environment where the participants can securely collaborate. These collaborations strengthen the sector defences and increases its ability to consistently provide products and services to the marketplace.

These public-private collaborations also enhance market access on a global basis. The interconnectedness of the sector increases access to financial services, enhances customer experience, and promotes financial literacy. These benefits require a network of services that spans across borders and regulatory jurisdictions. The coordination of regulatory guidance and the ability to share differing levels of information through public-private partnerships are critical to providing consumer-centric environment and building further resiliency across the sector.

Subscribe to our newsletter

Related content

WEBINAR

Recorded Webinar: How to develop a reporting framework for ESG disclosure regulation

ESG reporting is a challenge and additional burden for many financial institutions as regulations continue to evolve, ESG data management is complex, and global standards remain elusive. Helpful solutions include reporting frameworks that support the collection, understanding, and management of ESG data for disclosure. This webinar will provide practical guidance on how to build a...

BLOG

Data Benefit of CSDDD at Risk as FIs Seek Exclusion, Experts Warn

The anticipated exclusion of financial companies from the EU’s sustainability due diligence law has stung ESG professionals, with some arguing that an opportunity to improve data quality would be missed. The EU’s executive body, the European Commission (EC), is reportedly ready to cede to requests from parts of the financial sector to be left out...

EVENT

Data Management Summit New York City

Now in its 14th year the Data Management Summit NYC brings together the North American data management community to explore how data strategy is evolving to drive business outcomes and speed to market in changing times.

GUIDE

Corporate Actions USA 2010

The US corporate actions market has long been characterised as paper-based and manually intensive, but it seems that much progress is being made of late to tackle the lack of automation due to the introduction of four little letters: XBRL. According to a survey by the American Institute of Certified Public Accountants (AICPA) and standards...