18 Jan 2018, Dublin
9:30am to 16:30pm
The latest disclosures about serious cyber security breaches affecting financial institutions and their customers have emphasized the scale of the threat. Yet it is estimated only 1 in 5 firms communicate effectively with executive management about cyber-attacks, weak cyber-security features continue to alarm industry regulators and Boards still devote insufficient time and resources to this critical issue. Cyber security and cyber security governance are issues that the Central Bank of Ireland is keen to ensure the Irish regulated community takes seriously.
In reality, firms and regulators are struggling to keep up with the increasing sophistication, volume and variety of cyber-attacks affecting financial institutions. in Ireland and globallyAdding to the challenge are the different standards and requirements in the US and Europe, which need to be navigated by firms whose activities are conducted cross-border. This is particularly important for the fund outsourcing industry which may have clients from multiple jurisdictions across
the world with multiple regulatory expectations.
This practical course is designed primarily for Compliance, Risk and Legal professionals in small to medium sized regulated firms who number cyber-security among their responsibilities. It will also be of value to IT specialists who are new to cyber-security in the finance sector. It will help you keep up to date with developing best practice and the evolving rules, guidance and standards in this fast changing and increasingly important area of business and regulatory risk.
Specifically, attending will help you:
This course will make use of structured presentations, CASE STUDIES and SYNDICATE EXERCISES to explore and illustrate regulatory expectations, in Ireland and globally, and developing best practice in cyber-security for financial services organisations. Group size is limited to facilitate sharing of experience among the delegates.
Gary Pitts has 24 years’ compliance experience in the UK and overseas, including spells with the Personal Investment Authority, Henderson Global Investors, Brevan Howard Asset Management, Religare Capital Markets and as a Managing Partner of Solo Capital Partners. He is a former director of Cayman and Luxembourg domiciled hedge funds, as well as regulated companies in the UK and South Africa and has been an FSA/FCA registered person in Controlled Functions 10 and/or 11 since 2001and now runs his own governance and regulatory consultancy: Tetractys Partners LLP. Gary is a regular conference speaker and author of technical articles on compliance related topics and sits on the regulatory advisory group of the Journal of Securities Operations and Custody. He brings a combination of compliance and commercial experience, in terms of both practical implementation and Board level oversight, to the training he delivers.
Course Programme
Session | Aim | Content |
---|---|---|
The scale of the threat | To assess the latest information about the scale, nature and cost of the cybercrime threat to regulated businesses |
|
The regulatory background and requirements | To understand the background rules that govern cyber-crime (including data security laws and financial crime) and the obligations these create for firms |
|
Cyber-security best practice | To examine the emergent regulatory and security practices in the USA (which is three years ahead of Europe respectively) |
|
Risk Assessment and Controls |
To use a framework to undertake a practical risk assessment and control identification process |
|
Cyber-security governance | To define the extent and nature of the governance requirements that need to be associated with cybercrime, with an emphasis on meeting the CBoI requirements |
|
Compliance oversight and internal audit | To examine the role of Compliance, Internal Audit and IT Teams in managing cyber-security risk |
|
Incident response | To understand the impact of a poor response to a major IT security incident and construct a robust incident response framework |
|
This course can be delivered in-house at a time and location to suit your business and tailored to suit your people and organisation. We can also create bespoke training when something very specific is needed.Please contact us to discuss your requirements in more detail and at no obligation.