RegTech Insight Operational Resilience & Third-Party Risk The latest content from across the platform
Quest Launch Bridges Identity Threat Detection and Recovery for Microsoft Operational Resilience
Quest Software has introduced a new Security Management Platform that brings together identity threat detection and response, recovery, and migration for Microsoft environments. The launch reflects a broader shift in identity security: firms are looking beyond detection alone and towards platforms that can also support resilience, recovery, and lower-risk modernization. The company is positioning the…
DTCC Expands Board with Senior Market Structure, Treasury and Operations Leaders
The Depository Trust & Clearing Corporation (DTCC) has appointed four senior financial services executives to its Board of Directors, reinforcing governance oversight across market infrastructure, risk, and post-trade operations. The new appointees – Roland Chai (Nasdaq), Massimiliano Ciardi (Citadel), Stephen Hood (Marex), and Georges Lauchard (Barclays) – bring experience spanning exchange operations, treasury and funding,…
PS26/2: The FCA Wants Data, Not Declarations on Resilience
The Financial Conduct Authority has moved the UK operational resilience regime into its next phase with PS26/2 on operational incident and third party reporting. Firms have spent the past few years identifying important business services and setting impact tolerances. Supervisors now want structured data that shows how those services hold up under stress. PS26/2 introduces…
ITDR Won’t Save You if You Can’t Recover – Quest Research
For years, financial institutions have invested heavily in identity security, building layered controls around authentication, access management and threat detection. Yet regulators are increasingly focused on resilience – specifically what happens when those controls fail? The findings from Quest Software’s recent State of ITDR 2026: prevention and recovery research point to a clear conclusion: while…
Blackwired’s ThirdWatch: Powering Operational Resilience with Cyber Intelligence
For years, financial institutions have invested heavily in cyber defences designed to protect their own perimeters. Firewalls hardened, endpoints secured, and internal monitoring intensified. But many of the most disruptive recent incidents have propagated through third-party providers, software supply chains, or shared infrastructure. They are aimed at the firms banks depend on. The exploitation of…
Recorded Webinar: Sponsored by FundGuard: NAV Resilience Under DORA, A Year of Lessons Learned
The EU’s Digital Operational Resilience Act (DORA) came into force a year ago, and is reshaping how asset managers, asset owners and fund service providers think about operational risk. While DORA’s focus is squarely on ICT resilience and third-party dependencies, its implications extend deep into core operational processes that are critical to market integrity, investor…
DORA CTPP List Published, But Who’s Missing?
When the European Supervisory Authorities (ESMA, EBA and EIOPA) published the first list of Critical ICT Third-Party Providers (CTPPs) in November 2025, the step marked a major milestone in the rollout of the Digital Operational Resilience Act (DORA). The regulators described the designations as “crucial” to implementing the Union-level oversight framework. Yet despite the significance…
Symphony and the Future of Market Communications: T+1, DORA, and Deepfake Defence
In May 2024, the U.S. capital markets made the long-awaited transition to T+1 settlement, with RegTech company Symphony playing a quiet but pivotal role. The integration of its platform with DTCC’s Central Trade Manager (CTM) gave firms the ability to resolve trade contract breaks in real time, reducing the risk of settlement failure. “The DTCC,…
The DORA Implementation Playbook: A Practitioner’s Guide to Demonstrating Resilience Beyond the Deadline
The Digital Operational Resilience Act (DORA) has fundamentally reshaped the European Union’s financial regulatory landscape, with its full application beginning on January 17, 2025. This regulation goes beyond traditional risk management, explicitly acknowledging that digital incidents can threaten the stability of the entire financial system. As the deadline has passed, the focus is now shifting…