The rise of the regulator: new rules, new requirements, new headaches

SECURING FINANCIAL SERVICES

25th January, 2024 • London, UK

The rise of the regulator: new rules, new requirements, new headaches

 

In Europe, the UK, the US and Asia, regulators are finally taking cybersecurity seriously

It seems a little odd, given how much regulation there is around market abuse, consumer duty and financial crime, that there has been so little regulatory focus on cybersecurity. Yes, data privacy and resilience have come under the spotlight, but given the huge surge in attacks and the increased risks posed by geopolitical developments, it is surprising regulators have taken so long to revise and add to their rulebooks around cyber.

 

But they are. In Europe NIS2 imposes significant new burdens on organisations and UK-based organisations with EU operations will have no choice but to adhere to them.

 

In the US, the SEC has just The Securities and Exchange Commission today adopted rules requiring registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance. The Commission also adopted rules requiring foreign private issuers to make comparable disclosures.

 

“Whether a company loses a factory in a fire — or millions of files in a cybersecurity incident — it may be material to investors,” said SEC Chair Gary Gensler.

 

That statement explicitly links cybersecurity to enterprise value and makes it a matter of legitimate concern to investors. This is another story that links security to governance but also starts to assign real value to good security.

 

And in Australia (and elsewhere in Asia) regulators are also planning their next moves. In July consultation opened on options for regulatory reforms and voluntary incentives to strengthen the cyber security of Australia's digital economy.

 

While the regulators continue to develop stricter frameworks around cybersecurity, the hackers have worked out that banks themselves are often very well defended. So instead of attacking directly, it’s easier to go in via third-parties or take out key market infrastructure in the same way.

 

This year’s attack on Ion Cleared Derivatives, a third-party service provider of cleared derivatives order management, order execution, trading, and trade processing, caused significant disruption and was a taste of how future hacks may look.

 

And there’s a link to regulation there too: the CFTC noted that the attack compromised firms’ ability to provide regulators with timely and accurate data. So, regulators are beginning to understand that poor security affects their ability to regulate. They will certainly respond.

 

Securing Financial Services will look at cybersecurity at a time of underlying stress in the banking system. Join our real-life case studies and in-depth technical sessions from the security and privacy teams at some of the world’s most admired brands.

View details of the previous event

  • The rise and rise of effective cybersecurity regulation

    • Data privacy is only a small part of the picture.
    • Regulators are looking at operational resilience in key sectors like finance – securing the wholesale payments market is a priority and others will follow.
    • They are looking at disclosure and fining the miscreants. How to comply with new regimes?

  • Mapping resources and controls to material business risks

    • How can CISOs understand which threats represent real business risks?
    • It’s easy to say ‘talk to the business’ – but how does that conversation work?
    • If it does then CISOs can create a framework for prioritizing security, resilience, incident response and BCP spend. 
    • So, what does this look like in practice?

  • Developing the next generation of security leaders

    • If cybersecurity is to change to meet the evolution of our digital world, then so must those who implement it.
    • CISOs cannot cling to an IT paradigm and companies must move away from hiring on false pretences (on budget and commitment) and firing at the first breach.
    • What does a next-gen CISO look like and are you one of them?

  • From cybercrime to cyberwar

    • Blurred lines between cyber-spies, cybercriminals and cyber-armies have transformed the (in)security landscape
    • Nation-state exploits are now widely available
    • How can the various elements of government work better with private sector solution providers and endusers to build security that can cope with not-quite-nation-state attackers?

  • Reining in BigTech

    • Resilience and security increasingly come down to key dependencies outside the organization.
    • With on prem tech the past and Cloud and external IT the future, how do public and private sector organisations ensure security when they rely on vendors who are vulnerable but above leverage with even their biggest clients?
    • Time for governments to step in?

  • Securing digital currencies and DLT

    • The move towards non-cash payment methods during the crisis has been extreme, and looks irreversible.
    • Many more governments are now looking at developing their own digital currencies.
    • How do we go about securing a world in which most - perhaps all - payments are digital?
    • And what about the blockchain?

  • Managing insider threats at a time of crisis

    • When economies are under stress, employees too can find themselves in financial difficulty. When geopolitical tensions rise, people can take sides.
    • Insider threats of various kinds become far more prevalent and dangerous at times like these.
    • How have security and other MIS tools matured to make detecting malicious insiders easier and more accurate?

  • From Cloud security to Cloud incident response

    • Recent Cloud outtages have disrupted low-level infrastructure
    • They have also disabled cybersecurity solutions and sometimes shut down corporate access to critical network assets
    • As well as managing Cloud security, CISOs need good Cloud incident response. How are they going about it?

  • Cloud native next

    • Applications have become increasingly complex, with users demanding more and more.
    • They expect rapid responsiveness, innovative features, and zero downtime.
    • Performance problems are no longer acceptable - they'll easily move to your competitor.
    • Should you go Cloud Native? What does this mean for security in practice?

  • Embracing risk management

    • Until cybersecurity is truly seen as risk management and not a whack-a-mole IT problem, the hackers will continue to evade outmoded control frameworks
    • Part of this is down to CISOs, part of it to Boards and part of it to solution providers
    • The banks have done it. When will the rest of business catch up?

  • Solutions for CISO burnout

    • The number of security professionals on LinkedIn who’ve left without another job to go to is astonishing given the shortage of cyber-talent.
    • Are CISOs being fired for breaches?
    • Are they quitting companies who’ve lied about their commitment to security?
    • How can firms solve this problem?

     

  • Securing the technologies of the future

    • Quantum computers, web3, multiple types of distributed ledger technology, augmented and virtual reality, the Metaverse, AI-driven applications and even organisations, automation as a service
    • These technologies are happening now and they all have security implications
    • Who is thinking about how to secure future tech?

Who Attends

Job titles

Head of Global IT Security
Managing Director Fraud Risk
CISO
Security Governance, Risk and Compliance Manager
Data Loss Prevention - EMEA Operations Lead
Group Head of ICT Risk (Tech. & Cyber) Controls
Strategic Cyber Threat Intelligence Lead
Head of Financial Crime, Info Sec & BCP
Head of Security Architecture
Head of Compliance & Financial Crime
Third Party Risk Consultant
IT Systems Continuity and Integration Manager
Head of Integration, Planning & Development, Compliance Assurance
Information Security Manager
Business Information Security Officer & Third Party Officer
Head of Information Security
CISO
Cyber Security Manager
Head of IT Governance, Risk and Compliance
Senior Information Security Consultant
Group Head of IT Infrastructure and Cybersecurity Audit
Chief Information Security Officer
Compliance Manager & MLRO - UK
Head of Information Security & Audit
Senior Information Reporting Officer
Manager - IT
Senior Server Engineer
Cloud Security Architect
IT Risk Manager
Cyber Security Manager
Senior Technology Risk Manager
Group Head of Risk Domains (Cyber & Tech) and Control Plans
Head of Operational & Technology Risk / CISO
Global Head of IT, Internal Audit
Head of Threat
Head of Security and IT Policy
Lead Information and Cyber Security Specialist (Assurance)
Information Security Programme Manager
Global Infrastructure Security Engineering Manager
VP, Cyber Investigations and Insider Threat Manager
Senior Information Security Consultant
Information Security and Resilience, Operational Risk Oversight Manager
Head of Risk
Global Head - Security Operations
Head of Payment Security
Senior Vice President, Head of Information Security
Cyber Security Manager
Information Security Manager
VP Investigation
PCI Coordinator
Threat Intelligence Manager
Senior Special Agent - Global Security
Vice President - Strategy, Cyber & Intelligence
Head of Investigations and Monitoring
Technology Compliance and Operational Risk Director
Principal Cyber Risk Engineer & Technology Industry Practitioner
Head of Information Security Advisory & Operations
Group Security Operations Manager
Head of Technology
Global CISO
Information Security Officer
Global CISO
Security Operations (SOC) Manager
IT Risk Manager
CISO
Divisional CISO UK, CGC IT, CFO Tech & Platforms IT
Vice President; Information Security Officer
Security Business Partner
Assistant Director of Risk
Group IT Manager
Leader of Network Security EMEA
Security Architect
Senior IT & Cybersecurity Risk Manager
EMEA Operational Security Manager & Business Line Security Officer
CISO
Senior Security Consultant
Technology Risk Management Director - GRC and Quantitative Risk Analysis
Financial Crime and Data Protection Consultant
UKI Cyber Operations Lead
Head of IT and Change
Future Fraud Strategy
Chief Risk Officer
Group Head of Cyber Risk Intelligence
Manager Information Security & Resilience | Operational Risk Oversight
Head of Group-wide Security Optimisation
Director of Cyber Security UK
Technology and Resilience Risk Manager
Leader Payment Systems
Head of IT Risk and Cyber Security
Chief Risk Officer
Acting Chief Information Security Officer, Europe
GRC Manager
Senior Advisor, Information Technology
Manager – Strategy & Intelligence; Investigations, Insider Risk and Data Loss Protection
Chief Information Security Officer
Chief Security Officer EMEA region
Risk Governance Manager (Technology and Cyber)
Head of Information Security
Head of Financial Crime & Compliance Management
Manager of Security Operations, Engineering & Administration
Information Security Strategy and Architecture
Principal Investigations Manager; Physical Security & Investigations
Head of IT Strategy, Governance and Reporting
Senior Specialist Digital Fraud Strategy
Global Head of Information Security
Information Security Officer
Vice President IT Risk - Security Architecture Risk Assessment
Director of IT Governance & Risk Manager

Organisations

Rothschild & Co
Citigroup
Sumitomo Mitsui Banking Corporation
Aldermore Bank PLC
BNY Mellon
BNP Paribas
Refinitiv
Together Money
Travelex Holdings
Gravity Bank
Vanquis Bank
AmTrust International
HSBC
e-finance
Citigroup
Unum
Koine
AerCap
Brewin Dolphin
Phoenix Group
HSBC
LV= Liverpool Victoria
EMQ Inc.
Paragon Customer Communications
PRIMIS Mortgage Network
Activ Trades
SCS Europe
Aviva
Newcastle Building Society
Lloyds Banking Group
Credit Suisse
BNP Paribas
BlueBay Asset Management plc
Travelex Holdings
Quilter plc
Aldermore Bank PLC
Metro Bank
Schroders
London Stock Exchange
Barclays
Fidelity International
TSB Bank
XPS Pensions Group
QBE Insurance
Barclaycard
Redington Limited
Tesco Bank
Yorkshire Building Society
Barclays
Anderson Zaks
Royal Bank of Scotland
American Express
MasterCard
Bank of England
Bank of America Merrill Lynch
Chubb
Quilter plc
Quilter plc
DNA Payments Ltd
First Sentier Investors
GAM Investments
Uphold Inc.
Brewin Dolphin
Brewin Dolphin
Volkswagen Financial Services AG
Credit Suisse
Bank of America
NatWest Group
NS&I (National Savings and Investments)
International Currency Exchange Plc (ICE Plc)
FIS Global
Bank of Ireland
Scotiabank
Société Générale Corporate and Investment Banking - SGCIB
B89
Co-operative Bank plc
AIG Europe
Royal London Group
Aviva
Ipswich Building Society
Santander
Credit Suisse
BNP Paribas
TSB Bank
Prudential
UBS
Close Brothers Group
HSBC
ICBC Standard Bank
thinkmoney
Great-West Lifeco Europe
NEST Corporation (National Employment Savings Trust)
Redwood Bank
Lloyds Banking Group
Man Group Plc
Mapfre Abraxas
BNP Paribas
Jaja Finance
NEST Corporation (National Employment Savings Trust)
Great-West Lifeco Europe
AIB
Barclays
MUFG - Mitsubishi UFJ Financial Group
NewDay
VISTRA
Zenith Bank (UK) Ltd.
MSCI Inc
Commerzbank

Company headcount

1000-1999
10,000+
5000-9999
500-999
10,000+
10,000+
10,000+
500-999
5000-9999
500-999
1000-1999
2000-2999
10,000+
2000-2999
10,000+
10,000+
1-99
100-499
2000-2999
5000-9999
10,000+
5000-9999
100-499
1000-1999
500-999
100-499
1-99
10,000+
1000-1999
10,000+
10,000+
10,000+
100-499
5000-9999
3000-4999
500-999
3000-4999
3000-4999
3000-4999
10,000+
5000-9999
5000-9999
1000-1999
10,000+
10,000+
100-499
3000-4999
3000-4999
10,000+
1-99
10,000+
10,000+
10,000+
2000-2999
10,000+
10,000+
3000-4999
3000-4999
1-99
100-499
500-999
100-499
2000-2999
2000-2999
10,000+
10,000+
10,000+
10,000+
100-499
3000-4999
10,000+
10,000+
10,000+
10,000+
1-99
3000-4999
2000-2999
2000-2999
10,000+
100-499
10,000+
10,000+
10,000+
5000-9999
3000-4999
10,000+
2000-2999
10,000+
1000-1999
1-99
10,000+
100-499
1-99
10,000+
1000-1999
100-499
10,000+
1-99
100-499
10,000+
10,000+
10,000+
10,000+
1000-1999
3000-4999
100-499
3000-4999
10,000+


Venue

Park Plaza Victoria, London

vpp

Location:
Park Plaza Victoria
239 Vauxhall Bridge Road, London, UK, SW1V 1EQ
Telephone: 0333 400 6140

Directions:
Please click here