Secure the industry, protect the customer

Securing Financial Services
8th July 2020


How the convergence of fraud, KYC/AML, security and privacy makes cyber a manageable operational risk


Cybersecurity is a top investment priority for financial services firms globally, with the big banks spending up to a billion dollars a year on the problem.

FS firms are prime targets in cyberspace for the same reason they have always been targets: the money.

Smart criminals have long since abandoned guns and dynamite as their tools of choice, and now see direct cyberattacks on financial infrastructure and digital fraud on banks' retail, high-net-worth and wholesale customers as an attractive moneymaker.

In addition, disabling a prominent financial organisation is a high-profile way to embarrass a government. Disrupting the data flow between institutions can cause volatility in key markets and unsettle the public.

And a full-scale attack on, say, an ATM system could cause panic and provoke uncontrolled bank runs. So banks are also a CNI target for both organised crime and nation-states.

Retail banks, and also asset managers and insurance companies, with their millions of dependent customers, are under threat as digital transformation is rolled out, as mobile becomes the key customer platform, and as open banking and PSD2 create new risks around new fintech players and APIs.

As one researcher points out: "Mobile malware authors have set their sights firmly on monetization... this is no doubt a response to the explosion in mobile banking and financial applications that we have seen during the last couple of years."

And of course data privacy and GDPR, and payment standards such as PCI DSS, are critical pieces of the FS compliance jigsaw.

Wealth management firms also see cybersecurity as a material threat to their business. Client PID is an absolute priority: the damage that would be done to a private bank if the details of its ultra-high-net-worth individuals were leaked would be what one private banker calls a "disaster scenario".

Wholesale and investment banks are also vulnerable. They may not fear so much the DDoS or ransomware attacks that can hit retail institutions so hard, but in payments, FX, transaction banking, trade finance and capital markets, the need for more speed, better connectivity, mobile device access, a better user experience and better analytics has led banks to kick-start the development of digital versions of their products and digital delivery mechanisms.

Clients have continued to demand bank-agnostic platforms and have themselves connected to an increasing number of new platforms and fintechs. This new ecosystem of wholesale financial technology is another area ripe for cyberattack.

In payments, banks are joining global automated clearing-house (ACH) platforms such as PayCommerce and Earthport (now part of VISA), as well as Ripple, the self-described alternative to Swift (hacked in the Bangladesh Bank episode).

The cybersecurity problem extends to other areas of wholesale markets. In trade finance, banks are digitizing the physical and financial supply chains as well as the information supply chain - while various fintech platforms are solving specific problems, such as supply-chain finance, for specific types of client.

And central banks, from Bangladesh to the Netherlands, are now constantly bombarded with cyberattacks, threatening the stability of the global financial system.

Beyond banking, the asset management industry too is wrestling with problems of data, digital transformation and cybersecurity. Building resilience is now a top priority.
 

Securing Financial Services will cover these and other key subjects for its audience of professionals tasked with safeguarding digital assets and sensitive data. There will be real-life case studies, strategic talks and technical break-out sessions from security teams behind some of the world's most admired brands, who know, just like you, that security is now more important to business than ever.

  • Is open banking open season for cyber attackers?

    The increased attack surface creates new problems for both established and challenger banks, and also new fintechs and platforms.

    • Cybersecurity and PSD2
    • Securing the new ecosystem of banking APIs
    • Securing new fintechs/PSPs/platforms and connections to them
  • Integrating Fraud, KYC/AML and cybersecurity

    Banks must merge Fraud's identity and transaction knowledge with Cybersecurity's system, IT and vulnerability expertise to build a holistic defence.

    • Using cybersecurity data as a leading risk indicator to discover new frauds
    • Using real-time fraud monitoring data to help detect and prevent cybersecurity vulnerabilities
    • Building data models that blend cybersecurity and fraud indicators to signal possible threats and fraud events
  • Cybersecurity as risk management in the 3LOD model

    Cybersecurity is not unique; it's just another piece of the operational risk management puzzle. Banks need to build the right control environment, based on sound risk management principles organised within the 3LOD model.

    • Cyberrisk versus cybersecurity: taking an operational risk management approach
    • Building a cyberrisk control environment
    • Cybersecurity and the 3LOD model - where does it sit and how is it audited?
  • Securing bank technology

    A study released in 2018 by Accenture examined the security posture of 30 major banking applications. Each of them had at least one known security risk, and a quarter of them were revealed to have at least one flaw that is considered "high-risk".

    • Legacy systems are a huge problem. How can they be made secure?
    • Cloud solutions may help with digital transformation, but what about cybersecurity?
    • As banking moves onto mobile platforms, how can customer data be protected?
    • Securing the blockchain solutions in payments, trade finance and elsewhere
  • Governance and regulation

    Cybersecurity is a stakeholder issue: lenders, bondholders, equity holders, ratings agencies, insurers, regulators and staff all need to know their bank's cybersecurity status. (Oh, and the press too.)

    • Cyber ESG - what to tell whom?
    • Satisfying the regulators: demonstrating good risk posture
    • Measuring and reporting cybersecurity; third-party ratings ensuring your best profile
  • Protecting employees in financial services

    Because FS firms are such attractive targets, their staff are subject to far more attacks than most. Simply calling humans the weakest link isn't good enough. So how to protect employees from becoming unwitting tools of the cybercriminals?

    • Stopping malware before it gets to the desktop
    • Enterprise-scale phishing and BEC protection

Financial sector attendees at recent AKJ events

Job titles

IT Director
Head of Financial Crime & MLRO
EMEA Head of AML Business Intelligence Investigations, Senior Vice President
CTO
Head of Information Security
Head of Fraud Risk Appetite & Performance
CIO
Head of Fraud Prevention
Head of Financial Crime Intelligence
Group Head of Information Security
Global Senior Risk Officer - Infrastructure
Director - Head of Business Security
Head of Security Operation Centre
COO & CTO
Head of IT
Head of Fraud Risk Oversight
Senior Manager, Cyber Threat Intelligence
Global Head Cyber Technology
CISO
Executive Director - EMEA Technology Risk & Controls Management
Head of Information Security
Head of Digital
Group Risk Manager
Data Protection Officer
Global Head of IT, Internal Audit
Head of Financial Crime Prevention
Head of Counter Fraud
Head of Network & Security
Head of Information Security
Group CISO
IT Director
Head of Identity and Access Management
Head of Security
Head of Technology and Cybersecurity Risk
Head of Technology
Group Financial Crime Risk Analytics Senior Manager
Group & UK Data Protection Officer
Head of IT
Head of International Information Security
Head of IT Risk
Chief Information Security Officer EEMxA
UK CISO & DPO
Head of Security Standards and Governance
UK Head, Law Enforcement Outreach & Investigations
Director, Group Information & Cyber Security
Head of Merchant Payment Security
Head of Financial Crime Risk Data and Analytics, Retail Banking
Global Head of Regulatory Compliance Monitoring & Testing, Governance & Standards
Enterprise GRC Director & Data Protection Officer
Head of Information Security and IT Risk
Group Head of Cyber Risk Intelligence
Head of Cyber Operations
Associate Director - Information Security and Data Protection
Head of Group CSIRT
Regional Director Risk Management, Global Information Security
Head of IT Infrastructure
Head of Financial Crime
Group Security Operations Manager
Director - Information Security
Head of Cyber Security
IT Director
Head of Fraud Intelligence
Chief Information Security Officer UK
Regional CISO, Europe & UK
Group Investigations Manager
Group Information Security Officer
Chief Security Architect
Head of Information Security
Chief Operations Officer
Head of Risk
Head of Operational Risk Management
Head of IS & BC
Chief Information Security Officer
Group Head of IT Infrastructure and Cybersecurity Audit
Chief Information Security Officer (CISO)
Global Head of Information Security, IT Risk Management & Business Continuity Management
Fraud Prevention Lead
Head of Group CyberSOC
CISO / DPO
CISO - EMEA
Group Head of Fraud and Credit Risk
Senior Fraud Investigator, Law Enforcement Outreach
Cybersecurity Programme Director
CISO UK, Luxembourg, Bermuda & Central Shared Services
CISO
Managing Director Fraud Risk Consumer Banking
Senior Group I.T. Manager
Director, CIRT
Head of IT
Chief Operating Officer
Head of IT Security
Head of IT
Director, UK Risk Management
CISO
Head of Third Party Assurance and PCI Compliance
Head of Information Security and Data Protection Officer
Head of Infrastructure, Fusion Architect
Senior Forensic Investigator
Director, Technology Risk
Head of Cyber Analytics Technology
Data Protection Officer
Senior Business Manager - Group Security & Fraud
Global Head of IT Risk
Risk and Assurance Director
Group CISO
Global Cyber Operations & Insider Threat Senior Manager
Executive Director, Head of Fusion
Senior Payments Risk Manager
Head of Threat Intelligence
Head of Compliance
Group CISO
VP Global Risk Management EMEA & LACC
ESG Specialist, Vice President
Head of Technology and Operational Risks
Head of Information Security
Global Head - Cyber, Information & Technology Risk Office
Chief Information Security Officer
Senior I.T. Risk Advisor
Head of Information Security and Data Privacy
Head of Information Security
Group CISO
Global Head of Protection & Resilience
Global Security Administrator
CIO
Head of IT Risk & Governance
Head of Threats Intelligence & Defense
Group Manager Security & Fraud - Information Risk
Technology Compliance Director
Head of Technology/Cyber Risk Analytics
Global Fraud Risk Controller
Senior Fraud Manager
Head of IT
Head of Fraud
Group Data Protection Officer
CTO
Director, Compliance & Operational Risk
CISO
Global CISO
Head of IT Strategy
Head of Information Security
CISO
Head of Financial Crime
Risk Architecture Director
Head of Information Security
CISO
Head of Security Engineering and Operations
Director of IT
Head of Cybercrime Intelligence
Head of Risk and Compliance
EMEA Head of Technology & Information Risk Coverage
Executive Director - Cyber Strategy
Director of IT
CISO
Head of I.T. Security
Head of Application Security
Group Cyber Risk and Governance Manager
Head of CERT
EMEA Operational Security Manager & Business Line Security Officer
Head of Core Compliance
Head of Risk – IT & Cybersecurity
Senior Special Agent - Global Security
Head of EMEA Fraud Risk Management
Head of Security Risk Advisory and Security Architecture
Director, Fraud Prevention, Compliance & Operational Risk Control
Head Of Security Operations
Chief Risk & Compliance Officer
Global Head of Network Infrastructure
Executive Director, Cybersecurity & Technology Control Governance & Program Management
Head of Information Security & Risk
Head of Information Security & Audit
Global Director of Financial Crime
CISO
CISO
Head of Security and IT Policy
Head of Information & Cyber Policy
Head of IT Governance, Risk & Compliance
Head of Digital Risk
Group Data Protection Officer
Head of Technology
Director of Cyber Engineering, Operations & Vulnerability Management
Senior Manager, Information & Cyber Security
Head of Information Security
Head of IT Security and Compliance
Group and UK Compliance Director
Head Group PCI
Global Chief Information Security Officer
Head of Operational Risk Management
CISO & Data Protection Officer
Head of Digital Platforms
Head of Compliance & MLRO
Head of Audit IT Infrastructure
Global Cyber Security Manager
Head of Cybersecurity
Group Head of IT Security
Head of Technology Controls
Cybersecurity Director
Global Head of IT Service & Operations and Head of IT EU
Global CISO
Chief Business Information Security Officer
Global Security, Senior Special Agent
CISO
Senior Fraud Analyst
Group I.T. Risk Management Director
Director - Cyber Risk
CISO and Head of IT Risk Management
Chief Cybersecurity Architect
CISO
Senior Vice President - Global Information Security
Director - Enterprise Risk
Director of IT Governance & Risk Manager
Head of Information Security
Risk & Compliance Director
CISO
Group Digital Security and Fraud Manager
Senior Enterprise Architect
Data Protection Business Partner
Head of Information Security
Group Head of IT Security
Head of Operational Risk and Data Protection Officer
Senior Cyber Security Response Analyst
Senior Advisor - Head of Financial Crime Investigations
Senior SIEM Engineer
Chief Information Security Officer
Global Head of Access Management
Head of Business Operational Risk
CISO International
CISO
Head of Financial Crime and Information Security
Head of Innovation, Security and Privacy
Director of Technology & Information Security
Global AML Risk Framework Manager
Director Risk and Control, Global Technology Risk
CISO
Global Head of Security Architecture, Ops & Eng
Director, Intelligence & Incident Response
Group Head of Technology
Head of Cyber Awareness
Director of Global Security
Group Operational Resilience Senior Manager
Global Financial Crime Manager
Head of Digital Fraud Prevention
Head of International Cyber
Head of Digital Risk & Threat Intelligence Lead, EMEA
EMSA CISO
Group Chief Information Security Officer
Head of Technology Risk and Compliance
Group CISO
Digital Risk Manager, Global Security & Fraud Risk
Global Head of Security & Fraud Risk, Global Banking & Markets
CISO UK

Organisations

Covéa Insurance
Mapfre Abraxas
UBS
Deutsche Bank Group
Lloyds Banking Group
Skandinaviska Enskilda Banken
Citigroup
Rothschild & Co
JP Morgan Chase
Lendable
Standard Life Aberdeen
Zurich Insurance Group
Standard Chartered Bank
Lloyds Banking Group
Willis Towers Watson
MUFG - Mitsubishi UFJ Financial Group
Schroders
Santander
AIG Europe
Quilter
Standard Chartered Bank
Aldermore Bank
NewDay
Canada Life
NewDay
Vitality Health
Deutsche Bank Group
ING
Commerzbank
Crédit Mutuel
Shawbrook Bank
Caisse des Dépôts
Starling Bank
Société Générale
Royal Bank of Scotland
Royal Bank of Scotland
Allianz
Swiss Re
Credit Suisse
Winton Capital
JP Morgan Chase
Nationwide Building Society
Close Brothers Premium Finance
Man Group
BMO Financial Group
Standard Bank International
UniCredit
ConCardis
UBS
St. James’s Place Wealth Management
BNP Paribas Cardif
HSBC
Pension Insurance Corporation
Swiss Re
American International Group
Bank of China
BMO Global
Elevate Credit International
Jaja Finance
Monese
KfW
C. Hoare & Co.
Virgin Money
Morgan Stanley
BNP Paribas
Phoenix Group
Crédit Coopératif
American Express
BNP Paribas
Munich Re
Crédit Agricole
Allianz
Morgan Stanley
HSBC
Barclays
Refinitiv
Deutsche Bank Group
Vanquis Bank
RSA Insurance Group
Mizuho
Maple Bank
Crédit Agricole
Société Générale
Alliance Trust
Admiral Group
MarkerStudy
Leeds Building Society
Opel Vauxhall Finance
European Bank for Reconstruction & Development
Legal & General
Jefferies
Clydesdale Bank
Deutsche Bank Group
Commerzbank
Travelex Holdings
SCOR
JP Morgan Chase
Royal Bank of Scotland
Silicon Valley Bank
Aspen Insurance Group
Lloyds Banking Group
European Central Bank
Prudential
Butterfield Bank
Western Union
Aviva Investors
Legal & General
Bank of America Merrill Lynch
Pepper Group
Humanis
AXA
Bank Leumi
Tesco Bank
Jefferies
Sumitomo Mitsui Banking Corporation
Credit Suisse
Lloyds Banking Group
esure
Santander
Aviva
Bank of America Merrill Lynch
Anderson Zaks
Allianz
Capital One
Bank of America Merrill Lynch
RBC Capital Markets
World First
Fraedom
Carrefour Banque
HSBC
Refinitiv
Hiscox
AXA Investment Managers
Berkeley Group
The Co-operative Bank plc
Siemens Financial Services
Munich Re
Barclays
Royal London Group
National Westminster Bank Plc
Direct Line Group
Unum
Acromas
Generali
Nationwide Building Society
Bourse Direct
Barclays
HSBC
Prudential
Aviva Investors
Bank of England
Schroders
Nomura
Planet
LCH
First Rate Exchange Services
Mizuho
RSA Insurance Group
DJE Kapital
Weatherbys Bank
Capital One
Man Group
BlueBay Asset Management plc
Standard Chartered Bank
Barbican Insurance Group
Lloyds Banking Group
Chubb
Citigroup
Bank of America Merrill Lynch
Royal London Group
Aviva
IG Group
Alpha Bank
Société Générale
DZ Bank
Standard Life Aberdeen
Munich Re
BNP Paribas
State Street Corporation
NEST Corporation
Stonehage Fleming
ABN AMRO
Starling Bank
Intercontinental Exchange
Royal Bank of Scotland
Commerzbank
AKA Bank
Aviva
Berkeley Group
Coller Capital
UBS
Natixis
Western Union
AXA
Nomura
Man Group
Redwood Bank
Bank of England
Canadian Imperial Bank of Commerce
AXA
BPCE
Close Brothers Group
West Bromwich Building Society
UBS
SEIB Insurance Brokers
Global Processing Services Ltd
Black Rock
Co-operative Financial Services
American Express
Crédit Agricole
Travelex Holdings
JP Morgan Chase
Alpha FX
Union Bank of India
ReAssure
BNP Paribas Wealth Management
Groupama
Santander
Morgan Stanley
Natixis
Newcastle Building Society
Citigroup
Natixis Assurances
Crédit Mutuel
Metro Bank
TSB Bank
Direct Line Group
Scotiabank
Swinton Insurance
Onesavings Bank
Stonehage Fleming
Council of Europe Development Bank
Majedie Asset Management
China Construction Bank
Brewin Dolphin
Brewin Dolphin
Aegon Group
Bank of Ireland
Eurofactor
Beach and Associates
LV= Liverpool Victoria
Fidelity International
Standard Life Aberdeen
TP ICAP
NS&I
Société Générale
ABN AMRO
Barclays
Allianz Global Investors
Citigroup

Company headcount

10,000+
1000-1999
3000-4999
10,000+
10,000+
5000-9999
10,000+
500-999
10,000+
10,000+
10,000+
1-99
5000-9999
10,000+
500-999
10,000+
100-499
10,000+
10,000+
1000-1999
5000-9999
2000-2999
10,000+
100-499
10,000+
3000-4999
10,000+
100-499
10,000+
10,000+
10,000+
3000-4999
10,000+
2000-2999
10,000+
10,000+
10,000+
10,000+
10,000+
10,000+
10,000+
100-499
10,000+
10,000+
10,000+
10,000+
3000-4999
2000-2999
10,000+
10,000+
1000-1999
3000-4999
10,000+
10,000+
10,000+
1000-1999
10,000+
3000-4999
10,000+
5000-9999
2000-2999
10,000+
10,000+
500-999
100-499
100-499
100-499
10,000+
10,000+
10,000+
1000-1999
100-499
10,000+
10,000+
5000-9999
10,000+
10,000+
10,000+
1-99
1000-1999
10,000+
10,000+
2000-2999
10,000+
100-499
10,000+
10,000+
100-499
10,000+
10,000+
5000-9999
1-99
1000-1999
10,000+
10,000+
10,000+
10,000+
1-99
2000-2999
3000-4999
1-99
10,000+
2000-2999
5000-9999
10,000+
10,000+
10,000+
5000-9999
5000-9999
10,000+
10,000+
10,000+
3000-4999
5000-9999
3000-4999
10,000+
10,000+
10,000+
5000-9999
3000-4999
3000-4999
10,000+
10,000+
10,000+
5000-9999
1000-1999
3000-4999
10,000+
10,000+
10,000+
10,000+
100-499
1000-1999
10,000+
500-999
1000-1999
10,000+
10,000+
10,000+
10,000+
10,000+
10,000+
10,000+
10,000+
100-499
100-499
10,000+
10,000+
3000-4999
100-499
10,000+
3000-4999
5000-9999
100-499
500-999
3000-4999
10,000+
10,000+
10,000+
10,000+
10,000+
10,000+
100-499
10,000+
10,000+
10,000+
100-499
3000-4999
10,000+
10,000+
10,000+
10,000+
10,000+
10,000+
3000-4999
10,000+
10,000+
1-99
10,000+
3000-4999
5000-9999
10,000+
10,000+
10,000+
3000-4999
10,000+
10,000+
10,000+
10,000+
10,000+
10,000+
10,000+
10,000+
1-99
10,000+
10,000+
10,000+
10,000+
3000-4999
10,000+
10,000+
10,000+
3000-4999
1-99
10,000+
5000-9999
5000-9999
10,000+
10,000+
500-999
10,000+
10,000+
3000-4999
3000-4999
10,000+
1000-1999
10,000+
10,000+
1-99
1000-1999
10,000+
3000-4999
500-999
3000-4999
100-499
10,000+
10,000+
10,000+
5000-9999
10,000+
10,000+
10,000+
10,000+
2000-2999
1-99
10,000+
500-999
100-499
1-99
10,000+
5000-9999
10,000+
5000-9999
2000-2999
500-999
2000-2999
2000-2999
500-999
10,000+
1000-1999