Agenda

►Defining and Securing AI Responsibilities in Financial Service

Ioan Nascu, GenAI Security Assurance specialist, Citi 

• Introducing a pragmatic framework that clarifies cybersecurity accountabilities between financial institutions and AI providers
• Leveraging familiar IaaS, PaaS, and SaaS structures to map security responsibilities for AI systems
• Applying the model to Foundation Models to support secure and responsible AI adoption
• Enabling a flexible, high-level approach tailored to the financial sector’s evolving needs

►Keeping Security Teams Sharp in the Absence of Incidents

Steve Armstrong-Godwin, Lead of Security Incident Response and Threat Management, Danske Bank

• Experience-led insights into keeping security teams sharp when incidents are rare but stakes remain high
• Practical methods for building confidence and coordination through low-friction, high-impact exercises
• Design principles for simulations and training that fit real-world constraints, not fantasy budgets
• Tactics to avoid drift, burnout, and complacency—without waiting for a crisis to galvanise the team

►The Calming of the "Cs"

Gill Fenney, Head of IT Risk Governance, Bupa

• Compliance - the ever increasing burden on Financial Services
• Complexity - the nuances of various compliance commitments
• Cost - the cost of attaining and maintaining compliance
• Chaos - the risk of an unstructured approach

►Securing the AI revolution in banking, insurance and asset management

Adam Avards, Principal for Cyber and Third Party Risk Policy, UK Finance (Moderator)
Heena Patel, Business Resilience Analyst, Marex
Steph Phelps, Global Operational Resilience Specialist, RGA

For security leaders, the challenge is stark: how do you secure these systems, ensure compliance, and maintain resilience when the technology itself is evolving faster than the controls designed to protect it?

• Future-Proofing Security: Designing adaptive governance and security frameworks that evolve alongside AI, rather than always playing catch-up
• DORA and AI Compliance: How the Digital Operational Resilience Act reshapes resilience expectations in banking, insurance, and asset management, especially for fast-evolving AI systems
• Securing the AI Supply Chain: Managing third-party and model risks, from external data providers to cloud-based AI platforms, in line with DORA’s ICT risk requirements
• Balancing Innovation and Control: Embedding resilience testing and security guardrails without stifling AI-driven innovation