"The chaos we're seeing is really a reaction to the fact that the regulators have floated these enormous boats that are gathering tons of data, over 100,000 points of data in the EU alone. And they've now cut across that with a simplification directive," says PJ Di Giammarino, CEO of RegRisk, as our panel of experts settles in.
Di Giammarino is joined by Michael Nicholls, Principal of Financial Services Consulting at EPAM and Chris Owers, a Senior Director at First Derivative. Together, the trio has decades of experience in consulting and navigating the rigors of regulatory compliance.
Chaos isn’t a word you want to hear when discussing compliance with pending regulations, especially in the financial services sector. But it’s become a reality for thousands of banks across Europe and the UK thanks to last-minute pivots and sharp turns in dual-tracked MiFID 3 regulations originating from both regions. Meant to drive standardization in trade and transaction reporting, regulators from both regions have had to pump the brakes as the intent of their proposals bumped up against reality, resulting in a temporary pause.
"I think a lot of people breathed a sigh of relief. There is a lot of complexity in what's being proposed. I don't think it was a complete surprise if you look at what's happened with other regulations,” says Nicholls.
Owers follows this up with a question on how the differences between the UK and European versions – a divergent approach to regulation – are tangibly impacting clients. Nicholls responds, “if you're in a two-tier, two-speed environment where you've got to satisfy regulators in the EU and regulators in the UK, and those regulators become increasingly divergent no longer aligned, you’re going to need more complex systems, data and processes to deal with two environments.”
With this, the conversation shifts into how organizations can deal with these complex systems, touching on everything from technology and AI to the shortage of talent within the industry that’s both tech-savvy and versed in regulatory compliance. Ultimately, however, our speakers leave the conversation on a positive note, confident that today’s sprint toward AI can help organizations to even the odds in the great regulatory compliance race. As Giammarino says: “This is a time for organizations to put in robust proofs of concept and begin scaling so they can turn the rulebook into a runbook.” Listen carefully, and watch out for galloping insights!
Host: Chris Tapley
Engineer: Kyp Pilalas
Producer: Scott MacAllister
Executive Producer: Ken Gordon
All content for The EPAM Continuum Podcast Network is the property of EPAM Continuum and is served directly from their servers
with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
"The chaos we're seeing is really a reaction to the fact that the regulators have floated these enormous boats that are gathering tons of data, over 100,000 points of data in the EU alone. And they've now cut across that with a simplification directive," says PJ Di Giammarino, CEO of RegRisk, as our panel of experts settles in.
Di Giammarino is joined by Michael Nicholls, Principal of Financial Services Consulting at EPAM and Chris Owers, a Senior Director at First Derivative. Together, the trio has decades of experience in consulting and navigating the rigors of regulatory compliance.
Chaos isn’t a word you want to hear when discussing compliance with pending regulations, especially in the financial services sector. But it’s become a reality for thousands of banks across Europe and the UK thanks to last-minute pivots and sharp turns in dual-tracked MiFID 3 regulations originating from both regions. Meant to drive standardization in trade and transaction reporting, regulators from both regions have had to pump the brakes as the intent of their proposals bumped up against reality, resulting in a temporary pause.
"I think a lot of people breathed a sigh of relief. There is a lot of complexity in what's being proposed. I don't think it was a complete surprise if you look at what's happened with other regulations,” says Nicholls.
Owers follows this up with a question on how the differences between the UK and European versions – a divergent approach to regulation – are tangibly impacting clients. Nicholls responds, “if you're in a two-tier, two-speed environment where you've got to satisfy regulators in the EU and regulators in the UK, and those regulators become increasingly divergent no longer aligned, you’re going to need more complex systems, data and processes to deal with two environments.”
With this, the conversation shifts into how organizations can deal with these complex systems, touching on everything from technology and AI to the shortage of talent within the industry that’s both tech-savvy and versed in regulatory compliance. Ultimately, however, our speakers leave the conversation on a positive note, confident that today’s sprint toward AI can help organizations to even the odds in the great regulatory compliance race. As Giammarino says: “This is a time for organizations to put in robust proofs of concept and begin scaling so they can turn the rulebook into a runbook.” Listen carefully, and watch out for galloping insights!
Host: Chris Tapley
Engineer: Kyp Pilalas
Producer: Scott MacAllister
Executive Producer: Ken Gordon
Silo Busing 67: Andrew Whaley and Sam Rehman on App Security
The EPAM Continuum Podcast Network
25 minutes 28 seconds
2 years ago
Silo Busing 67: Andrew Whaley and Sam Rehman on App Security
Going mobile: It’s going to create vulnerabilities. That’s the way things work with apps. They aren’t just friendly pieces of software that help you beat traffic or bring your favorite tunes into your eardrums… they are opportunities, rich ones, for the bad guys.
Andrew Whaley, the Senior Technical Director (UK) at Promon and our guest on *Silo Busting,* says that with an app, “You have to be able to trust the security model that you've got around it.”
Whaley talks with Sam Rehman, our Chief Information Security Officer and SVP, about how apps operate on a client-server model, but “all the client code is distributed outside of your enterprise.” Some of these users could well be criminals who, once gaining access to that code, could "reverse engineer it and come up with ways to attack that.”
And the code in those apps can be a bit suspect. Whaley says that most apps are made up of 80% open-source software. “You know how many of those app developers go and build that source themselves from source and read over it before they compile?” he asks and then answers: “Probably close to zero.”
Speaking of putting the work in… Rehman talks about calibrating “the level of effort that the attacker would have to go through versus the yield.” The trick is, he says, layering on cybersecurity techniques “so that the yield is not worth it for them.”
Whaley replies that “once you layer obfuscation on, you then have this impenetrable forest” and that the “immediately accessible ways of attacking [an application] are taken off the table.”
Together they chat about supply chain attacks, nonlinear programming, and more. Tune in and be safe(r)!
Host: Glenn Gruber
Editor: Kyp Pilalas
Producer: Ken Gordon
The EPAM Continuum Podcast Network
"The chaos we're seeing is really a reaction to the fact that the regulators have floated these enormous boats that are gathering tons of data, over 100,000 points of data in the EU alone. And they've now cut across that with a simplification directive," says PJ Di Giammarino, CEO of RegRisk, as our panel of experts settles in.
Di Giammarino is joined by Michael Nicholls, Principal of Financial Services Consulting at EPAM and Chris Owers, a Senior Director at First Derivative. Together, the trio has decades of experience in consulting and navigating the rigors of regulatory compliance.
Chaos isn’t a word you want to hear when discussing compliance with pending regulations, especially in the financial services sector. But it’s become a reality for thousands of banks across Europe and the UK thanks to last-minute pivots and sharp turns in dual-tracked MiFID 3 regulations originating from both regions. Meant to drive standardization in trade and transaction reporting, regulators from both regions have had to pump the brakes as the intent of their proposals bumped up against reality, resulting in a temporary pause.
"I think a lot of people breathed a sigh of relief. There is a lot of complexity in what's being proposed. I don't think it was a complete surprise if you look at what's happened with other regulations,” says Nicholls.
Owers follows this up with a question on how the differences between the UK and European versions – a divergent approach to regulation – are tangibly impacting clients. Nicholls responds, “if you're in a two-tier, two-speed environment where you've got to satisfy regulators in the EU and regulators in the UK, and those regulators become increasingly divergent no longer aligned, you’re going to need more complex systems, data and processes to deal with two environments.”
With this, the conversation shifts into how organizations can deal with these complex systems, touching on everything from technology and AI to the shortage of talent within the industry that’s both tech-savvy and versed in regulatory compliance. Ultimately, however, our speakers leave the conversation on a positive note, confident that today’s sprint toward AI can help organizations to even the odds in the great regulatory compliance race. As Giammarino says: “This is a time for organizations to put in robust proofs of concept and begin scaling so they can turn the rulebook into a runbook.” Listen carefully, and watch out for galloping insights!
Host: Chris Tapley
Engineer: Kyp Pilalas
Producer: Scott MacAllister
Executive Producer: Ken Gordon
