The leading knowledge platform for the financial technology industry
The leading knowledge platform for the financial technology industry

A-Team Insight Blogs

Focus on Resiliency on the Rise as Cyber Threats Grow

Subscribe to our newsletter

By Jason Harrell, Executive Director, Technology Risk Management & Head of Business and Government Cybersecurity Partnerships at DTCC.

Resiliency has rapidly moved up industry and regulatory agendas as the threat of material disruption within the financial services sector (“sector”), including the continued growth of cyber threats, has moved from unlikely to inevitable. Resiliency is the practices and disciplines that enable firms to provide products and services to the marketplace in the face of potentially disruptive events, regardless of the nature or origin of such events, by anticipating, preventing, recovering from, and adapting to such events.

Most organizations have committed significant resources to implementing strong cybersecurity controls that integrate new techniques and existing technologies with the more established risk management methods. However, these controls form only part of what is necessary to achieve a robust level of resiliency, due to the complexity of the marketplace, the connectedness driven by new market entrants, the digitalization of financial services, and the increased activity of well-funded, malicious threat actors.

Regulators and standard setting bodies (SSBs) continue to elevate their interest in this area. Many firms have adopted standards in the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), a collection of cybersecurity best practices and evaluation criteria. The NIST framework has become a key benchmark of a successful cybersecurity program. Leveraging the NIST CSF, the sector can also identify priority areas for improvement based on the expected level of control by the organization.

Building upon the NIST CSF, the Financial Services Sector Coordinating Council (FSSCC), a public-private partnership designed to protect the sector from cyber-attacks, recently introduced the Cybersecurity Profile. The Profile, developed in partnership with regulatory agencies, integrates supervisory expectations to help financial institutions demonstrate compliance with cyber risk management requirements. The Profile is a good example of a successful partnership between supervisors and the sector to decrease regulatory compliance costs, provide a means to measure each firm’s cybersecurity programs across the sector based on their size and criticality, and redeploy saved resources to protecting the organization.

Led by the Bank of England, the Prudential Regulation Authority, and the Financial Conduct Authority, who published a joint discussion paper detailing their collective views on what would be required to enhance an organization’s resiliency and the steps supervisors should take to support the sector, market supervisors have also begun to focus on resiliency. Additionally, action has been taken to strengthen resiliency across the EU, with ESMA evaluating the need for industry guidelines.

As the regulatory landscape continues to evolve, it is possible for different sets of regulatory guidelines to emerge, which make compliance difficult – and sometimes, impossible – for firms operating globally. To achieve regulatory consistency, regional supervisors should review existing international guidance and partner with the sector to coordinate resiliency-related requirements and outline how firms could meet them. Several frameworks, including the FSSCC Cybersecurity Profile, already exist in the marketplace and could build the foundation for a collaborative, global regulatory effort.

Equally important to a firm’s ability to improve resiliency is its ability to collaborate across the sector to share information, understand risks, identify new threats and develop coordinated responses between organizations. The Financial Systemic Analysis and Resiliency Center (FSARC), a partnership between the sector, the U.S. government, and other key sector partners, provides a controlled environment where the participants can securely collaborate. These collaborations strengthen the sector defences and increases its ability to consistently provide products and services to the marketplace.

These public-private collaborations also enhance market access on a global basis. The interconnectedness of the sector increases access to financial services, enhances customer experience, and promotes financial literacy. These benefits require a network of services that spans across borders and regulatory jurisdictions. The coordination of regulatory guidance and the ability to share differing levels of information through public-private partnerships are critical to providing consumer-centric environment and building further resiliency across the sector.

Subscribe to our newsletter

Related content

WEBINAR

Recorded Webinar: The evolution of market surveillance across sell-side and buy-side firms

Market surveillance is crucial, and in many cases a regulatory requirement, to ensuring orderly securities markets and sustaining confidence in trading. It can be breached and has become increasingly complex in the wake of the Covid pandemic, Brexit, and the emergence of new asset classes. This webinar will review the extent of market abuse in...

BLOG

Sponsored Blog: The Libor Transition: Time for Urgent Action

By Jacob Rank-Broadley, Head of LIBOR Transition, B&I, Refinitiv. Refinitiv’s latest special report takes an in-depth look at the many remaining challenges that surround the imminent cessation of Libor, as well as the potential of data-driven solutions to enable a smooth transition. A landmark transition From the end of 2021, the FCA will no longer...

EVENT

TradingTech Insight Briefing New York

TradingTech Insight Briefing NYC will explore how trading firms are innovating and leveraging technology as a differentiator in today’s cloud and digital based environment.

GUIDE

Regulatory Data Handbook 2021/2022 – Ninth Edition

Welcome to the ninth edition of A-Team Group’s Regulatory Data Handbook, a publication dedicated to helping you gain a full understanding of regulations related to your organisation from the details of requirements to best practice implementation. This edition of the handbook includes a focus on regulations being rolled out to bring order and standardisation to...