15 May 2019, City of London
9:30am to 4:30pm
The latest disclosures about serious cyber security breaches affecting UK financial institutions and their customers have emphasized the scale of the threat. Yet it is estimated only 1 in 5 firms communicate effectively with executive management about cyber-attacks, weak cyber-security features repeatedly in FCA disciplinary cases and Boards continue to devote insufficient time and resources to this critical issue. The implementation of the General Data Protection Regulation (GDPR) has added an additional layer of complexity and potential risk.
The FCA rules, guidance and ‘standards’ for cyber-security are still vague and principles-based, despite the increasing sophistication, volume and variety of cyber-attacks affecting regulated firms. Adding to the challenge are the different standards and requirements in the US and Europe, which need to be navigated by firms whose activities are conducted cross-border.
This practical course is designed primarily for Compliance, Risk and Legal professionals in small to medium sized regulated firms who number cyber-security among their responsibilities. It will also be of value to IT specialists who are new to cyber-security in an FCA regulated environment. It will help you keep up to date with developing best practice and the evolving rules, guidance and standards in this fast changing and increasingly important area of business and regulatory risk.
Specifically, attending will help you:
This course will make use of structured presentations and CASE STUDIES that run throughout the programme to explore and illustrate regulatory expectations and developing best practice in cyber-security for financial services organisations. The case studies will be conducted in small groups and will include an investment firm, a multi-national insurer and a consumer credit firm. Group size is limited to facilitate sharing of experience among the delegates.
Gary Pitts has over 25 years’ compliance experience in the UK and overseas, including spells with the Personal Investment Authority, Henderson Global Investors, Brevan Howard Asset Management, Religare Capital Markets and as a Managing Partner of a boutique financial services house. He is a former director of Cayman and Luxembourg domiciled hedge funds, as well as regulated companies in the UK and South Africa, and has been an FSA/FCA registered person in Controlled Functions 10 and/or 11 since 2001. He now runs his own governance and regulatory consultancy: Tetractys Partners LLP. Gary is a regular conference speaker and author of technical articles on compliance related topics and sits on the regulatory advisory group of the Journal of Securities Operations and Custody. He brings a combination of compliance and commercial experience, in terms of both practical implementation and Board level oversight, to the training he delivers.
|The scale of the threat||To assess the latest information about the scale, nature and cost of the cybercrime threat to regulated businesses||
|The UK regulatory background and requirements||To understand the background rules that govern cyber-crime (including data security laws and financial crime) and the obligations these create for firms||
|Cyber-security best practice||To examine the emergent regulatory and security practices in the USA (which are more developed and prescriptive than those in Europe)||
|Risk Assessment and Controls||To use a framework to undertake a practical risk assessment and control identification process||
|Cyber-security governance||To define the extent and nature of the governance requirements that need to be associated with cybercrime, with an emphasis on meeting the FCA SYSC requirements||
|Incident response||To understand the impact of a poor response to a major IT security incident and construct a robust incident response framework||
|Compliance oversight and internal audit||To examine the role of Compliance, Internal Audit and IT Teams in managing cyber-security risk||
This course can be delivered in-house at a time and location to suit your business and tailored to suit your people and organisation. We can also create bespoke training when something very specific is needed. Please contact us to discuss your requirements in more detail and at no obligation.