The Training Environment For Financial Services

Effective Cyber-Security - Best Practice Approaches for Financial Services and Insurance Firms

18 Jan 2018, Dublin

09:30 to 16:30

This course has already taken place.

Outline & Objectives

The latest disclosures about serious cyber security breaches affecting financial institutions and their customers have emphasized the scale of the threat. Yet it is estimated that only 1 in 5 firms communicate effectively with executive management about cyber-attacks; weak cyber-security features continue to alarm industry regulators, and Boards still devote insufficient time and resources to this critical issue. Cyber security and cyber security governance are issues that the Central Bank of Ireland is keen to ensure the Irish regulated community takes seriously.

In reality, firms and regulators are struggling to keep up with the increasing sophistication, volume and variety of cyber-attacks affecting financial institutions in Ireland and globally. Adding to the challenge are the different standards and requirements in the US and Europe, which need to be navigated by firms whose activities are conducted cross-border. This is particularly important for the fund outsourcing industry, which may have clients from multiple jurisdictions across the world with multiple regulatory expectations.

This practical course is designed primarily for Compliance, Risk and Legal professionals in small to medium-sized regulated firms who number cyber-security among their responsibilities. It will also be of value to IT specialists who are new to cyber-security in the finance sector. It will help you keep up to date with developing best practice and the evolving rules, guidance and standards in this fast-changing and increasingly important area of business and regulatory risk.

Specifically, attending will help you:

  1. Review the impact of regulatory developments and priorities concerning cyber-security, with a particular emphasis on what can be learned from market-leading developments in the USA
  2. Update and refresh your knowledge of the current threat landscape and regulatory requirements
  3. Assess the appropriateness of your governance arrangements for managing cyber-security risk
  4. Understand the importance of a well-constructed risk assessment
  5. Audit the performance of your cyber-security controls
  6. Understand how meeting the requirements will affect your business and client interactions
  7. Consider how you can evidence the effectiveness of your cyber-security arrangements

Training Approach

This course will make use of structured presentations, CASE STUDIES and SYNDICATE EXERCISES to explore and illustrate regulatory expectations, in Ireland and globally, and developing best practice in cyber-security for financial services organisations. Group size is limited to facilitate sharing of experience among the delegates.

Course Presenter

Gary Pitts has 24 years’ compliance experience in the UK and overseas, including spells with the Personal Investment Authority, Henderson Global Investors, Brevan Howard Asset Management, Religare Capital Markets and as a Managing Partner of Solo Capital Partners. He is a former director of Cayman- and Luxembourg-domiciled hedge funds, as well as regulated companies in the UK and South Africa, and has been an FSA/FCA registered person in Controlled Functions 10 and/or 11 since 2001. He now runs his own governance and regulatory consultancy, Tetractys Partners LLP. Gary is a regular conference speaker and author of technical articles on compliance-related topics and sits on the regulatory advisory group of the Journal of Securities Operations and Custody. He brings a combination of compliance and commercial experience, in terms of both practical implementation and Board level oversight, to the training he delivers.

Course Programme

Session: The scale of the threat
Aim: To assess the latest information about the scale, nature and cost of the cybercrime threat to regulated businesses
Content:
  • What are the latest cybercrime statistics?
  • Some recent real-life cases of attacks
  • A review of the types of threat
  • What happens when you get it wrong

Session: The regulatory background and requirements
Aim: To understand the background rules that govern cyber-crime (including data security laws and financial crime) and the obligations these create for firms
Content:
  • Integration with financial crime controls requirements
  • Role of the relevant authorities
  • Systems and controls and record keeping

Session: Cyber-security best practice
Aim: To examine the emergent regulatory and security practices in the USA (which is three years ahead of Europe)
Content:
  • Examine and understand US approaches to regulation and controls
  • Draw out approaches which are useful for course attendees (practical)
  • Implementing these approaches while minimizing bureaucracy

Session: Risk Assessment and Controls
Aim: To use a framework to undertake a practical risk assessment and control identification process
Content:
  • Using IT best practice to help develop an accurate risk and control assessment
  • Evidencing and quantifying the risk
  • Syndicate exercise / group discussion

Session: Cyber-security governance
Aim: To define the extent and nature of the governance requirements that need to be associated with cybercrime, with an emphasis on meeting the CBoI requirements
Content:
  • The importance of proper governance
  • Regulatory benchmarks for governance
  • Ownership of each level of the governance process
  • MI – sorting the wheat from the chaff

Session: Compliance oversight and internal audit
Aim: To examine the role of Compliance, Internal Audit and IT Teams in managing cyber-security risk
Content:
  • Exercise: establish a compliance regime for cyber-security controls
  • Systems and controls
  • Examples of good and bad practice

Session: Incident response
Aim: To understand the impact of a poor response to a major IT security incident and construct a robust incident response framework
Content:
  • What are the consequences of a poorly handled major incident? Real-life examples.
  • What does a “good response” look like?
  • How do I construct an incident response framework suitable for my organization (practical)?

This course can be delivered in-house at a time and location to suit your business and tailored to suit your people and organisation. We can also create bespoke training when something very specific is needed. Please contact us to discuss your requirements in more detail and at no obligation.

© 2014 Corporate Training Partnerships. All Rights Reserved.