About a-team Marketing Services
The knowledge platform for the financial technology industry
The knowledge platform for the financial technology industry

A-Team Insight Blogs

Focus on Resiliency on the Rise as Cyber Threats Grow

Subscribe to our newsletter

By Jason Harrell, Executive Director, Technology Risk Management & Head of Business and Government Cybersecurity Partnerships at DTCC.

Resiliency has rapidly moved up industry and regulatory agendas as the threat of material disruption within the financial services sector (“sector”), including the continued growth of cyber threats, has moved from unlikely to inevitable. Resiliency is the practices and disciplines that enable firms to provide products and services to the marketplace in the face of potentially disruptive events, regardless of the nature or origin of such events, by anticipating, preventing, recovering from, and adapting to such events.

Most organizations have committed significant resources to implementing strong cybersecurity controls that integrate new techniques and existing technologies with the more established risk management methods. However, these controls form only part of what is necessary to achieve a robust level of resiliency, due to the complexity of the marketplace, the connectedness driven by new market entrants, the digitalization of financial services, and the increased activity of well-funded, malicious threat actors.

Regulators and standard setting bodies (SSBs) continue to elevate their interest in this area. Many firms have adopted standards in the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), a collection of cybersecurity best practices and evaluation criteria. The NIST framework has become a key benchmark of a successful cybersecurity program. Leveraging the NIST CSF, the sector can also identify priority areas for improvement based on the expected level of control by the organization.

Building upon the NIST CSF, the Financial Services Sector Coordinating Council (FSSCC), a public-private partnership designed to protect the sector from cyber-attacks, recently introduced the Cybersecurity Profile. The Profile, developed in partnership with regulatory agencies, integrates supervisory expectations to help financial institutions demonstrate compliance with cyber risk management requirements. The Profile is a good example of a successful partnership between supervisors and the sector to decrease regulatory compliance costs, provide a means to measure each firm’s cybersecurity programs across the sector based on their size and criticality, and redeploy saved resources to protecting the organization.

Led by the Bank of England, the Prudential Regulation Authority, and the Financial Conduct Authority, who published a joint discussion paper detailing their collective views on what would be required to enhance an organization’s resiliency and the steps supervisors should take to support the sector, market supervisors have also begun to focus on resiliency. Additionally, action has been taken to strengthen resiliency across the EU, with ESMA evaluating the need for industry guidelines.

As the regulatory landscape continues to evolve, it is possible for different sets of regulatory guidelines to emerge, which make compliance difficult – and sometimes, impossible – for firms operating globally. To achieve regulatory consistency, regional supervisors should review existing international guidance and partner with the sector to coordinate resiliency-related requirements and outline how firms could meet them. Several frameworks, including the FSSCC Cybersecurity Profile, already exist in the marketplace and could build the foundation for a collaborative, global regulatory effort.

Equally important to a firm’s ability to improve resiliency is its ability to collaborate across the sector to share information, understand risks, identify new threats and develop coordinated responses between organizations. The Financial Systemic Analysis and Resiliency Center (FSARC), a partnership between the sector, the U.S. government, and other key sector partners, provides a controlled environment where the participants can securely collaborate. These collaborations strengthen the sector defences and increases its ability to consistently provide products and services to the marketplace.

These public-private collaborations also enhance market access on a global basis. The interconnectedness of the sector increases access to financial services, enhances customer experience, and promotes financial literacy. These benefits require a network of services that spans across borders and regulatory jurisdictions. The coordination of regulatory guidance and the ability to share differing levels of information through public-private partnerships are critical to providing consumer-centric environment and building further resiliency across the sector.

Subscribe to our newsletter

Related content


Recorded Webinar: How to develop a reporting framework for ESG disclosure regulation

ESG reporting is a challenge and additional burden for many financial institutions as regulations continue to evolve, ESG data management is complex, and global standards remain elusive. Helpful solutions include reporting frameworks that support the collection, understanding, and management of ESG data for disclosure. This webinar will provide practical guidance on how to build a...


Debut ISSB Standards May Usher New Era of More, Better ESG Data

Next week, the International Sustainability Standards Board (ISSB) is due to release the first of its proposals for non-financial disclosures, an event that could usher a new era for ESG data and reporting. The ISSB’s creation by the IFRS Foundation at COP26 in Glasgow, Scotland, two years ago offered the promise of a global framework...


Data Management Summit London

Now in its 14th year, the Data Management Summit (DMS) in London brings together the European capital markets enterprise data management community, to explore how data strategy is evolving to drive business outcomes and speed to market in changing times.


Pricing and Valuations

This special report accompanies a webinar we held a webinar on the popular topic of Pricing and Valuations, discussing issues such as transparency of pricing and how to ensure data quality. You can register here to get immediate access to the Special Report.