"The chaos we're seeing is really a reaction to the fact that the regulators have floated these enormous boats that are gathering tons of data, over 100,000 points of data in the EU alone. And they've now cut across that with a simplification directive," says PJ Di Giammarino, CEO of RegRisk, as our panel of experts settles in.
Di Giammarino is joined by Michael Nicholls, Principal of Financial Services Consulting at EPAM and Chris Owers, a Senior Director at First Derivative. Together, the trio has decades of experience in consulting and navigating the rigors of regulatory compliance.
Chaos isn’t a word you want to hear when discussing compliance with pending regulations, especially in the financial services sector. But it’s become a reality for thousands of banks across Europe and the UK thanks to last-minute pivots and sharp turns in dual-tracked MiFID 3 regulations originating from both regions. Meant to drive standardization in trade and transaction reporting, regulators from both regions have had to pump the brakes as the intent of their proposals bumped up against reality, resulting in a temporary pause.
"I think a lot of people breathed a sigh of relief. There is a lot of complexity in what's being proposed. I don't think it was a complete surprise if you look at what's happened with other regulations,” says Nicholls.
Owers follows this up with a question on how the differences between the UK and European versions – a divergent approach to regulation – are tangibly impacting clients. Nicholls responds, “if you're in a two-tier, two-speed environment where you've got to satisfy regulators in the EU and regulators in the UK, and those regulators become increasingly divergent no longer aligned, you’re going to need more complex systems, data and processes to deal with two environments.”
With this, the conversation shifts into how organizations can deal with these complex systems, touching on everything from technology and AI to the shortage of talent within the industry that’s both tech-savvy and versed in regulatory compliance. Ultimately, however, our speakers leave the conversation on a positive note, confident that today’s sprint toward AI can help organizations to even the odds in the great regulatory compliance race. As Giammarino says: “This is a time for organizations to put in robust proofs of concept and begin scaling so they can turn the rulebook into a runbook.” Listen carefully, and watch out for galloping insights!
Host: Chris Tapley
Engineer: Kyp Pilalas
Producer: Scott MacAllister
Executive Producer: Ken Gordon
All content for The EPAM Continuum Podcast Network is the property of EPAM Continuum and is served directly from their servers
with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
"The chaos we're seeing is really a reaction to the fact that the regulators have floated these enormous boats that are gathering tons of data, over 100,000 points of data in the EU alone. And they've now cut across that with a simplification directive," says PJ Di Giammarino, CEO of RegRisk, as our panel of experts settles in.
Di Giammarino is joined by Michael Nicholls, Principal of Financial Services Consulting at EPAM and Chris Owers, a Senior Director at First Derivative. Together, the trio has decades of experience in consulting and navigating the rigors of regulatory compliance.
Chaos isn’t a word you want to hear when discussing compliance with pending regulations, especially in the financial services sector. But it’s become a reality for thousands of banks across Europe and the UK thanks to last-minute pivots and sharp turns in dual-tracked MiFID 3 regulations originating from both regions. Meant to drive standardization in trade and transaction reporting, regulators from both regions have had to pump the brakes as the intent of their proposals bumped up against reality, resulting in a temporary pause.
"I think a lot of people breathed a sigh of relief. There is a lot of complexity in what's being proposed. I don't think it was a complete surprise if you look at what's happened with other regulations,” says Nicholls.
Owers follows this up with a question on how the differences between the UK and European versions – a divergent approach to regulation – are tangibly impacting clients. Nicholls responds, “if you're in a two-tier, two-speed environment where you've got to satisfy regulators in the EU and regulators in the UK, and those regulators become increasingly divergent no longer aligned, you’re going to need more complex systems, data and processes to deal with two environments.”
With this, the conversation shifts into how organizations can deal with these complex systems, touching on everything from technology and AI to the shortage of talent within the industry that’s both tech-savvy and versed in regulatory compliance. Ultimately, however, our speakers leave the conversation on a positive note, confident that today’s sprint toward AI can help organizations to even the odds in the great regulatory compliance race. As Giammarino says: “This is a time for organizations to put in robust proofs of concept and begin scaling so they can turn the rulebook into a runbook.” Listen carefully, and watch out for galloping insights!
Host: Chris Tapley
Engineer: Kyp Pilalas
Producer: Scott MacAllister
Executive Producer: Ken Gordon
Silo Busting 68: Cloud IR Readiness with Ron Konigsberg, Sam Rehman & Aviv Srour
The EPAM Continuum Podcast Network
36 minutes 51 seconds
1 year ago
Silo Busting 68: Cloud IR Readiness with Ron Konigsberg, Sam Rehman & Aviv Srour
“There’s been an incident,” is a sentence no one wants to hear… except perhaps people like Ron Konigsberg, Co-Founder and CTO of Gem and our guest on *Silo Busting,* whose business is cloud incident response (IR).
We know what you’re thinking: What makes cloud IR different from all other forms of IR?
Let’s let Konigsberg explain: “The challenge is that the cloud is technically simply different.” If you’re using legacy tools, “you're going to protect probably 20% of the cloud.”
Konigsberg is joined in conversation by Sam Rehman, EPAM’s Chief Information Security Officer and SVP, and the pair are pelted with questions by Aviv Srour, our Head of Cyber Innovation.
Konigsberg says that incident responders need to “adapt from network and agents to services and APIs, and constantly learn about new services and stay up to date and up to speed” with what the bad guys are picking up.
Oh, those bad guys! Regarding attackers, Konigsberg says: “They adopt innovation faster than defenders.” They can do so because they have fewer dependencies “and they care less [than defenders do] about breaking things.”
To illustrate, he asks us to think about migrating to the cloud: Imagine you’re an attacker and you simply never worry about any legacy systems from your previous environments. “They have much more liberty and they move faster.”
“They adopt techniques about new services that each cloud provider is releasing *tomorrow,*” says Konigsberg.
So it is, in some ways, about playing catch-up. CISOs have had to adopt a new mindset and posture. “You can only block so many punches until you have to figure out [that] you need to move around, you need to counter, and so on,” says Rehman.
Rehman adds that CISOs have finally understood the “shared responsibility between you and the cloud provider.” But that’s not the only issue with the cloud. “It's much flatter than what you’re used to on prem,” he says. “Which means a lateral attack is a lot quicker, moving things around a lot easier, and the *simplicity* of people actually moving things around and infecting a large area is substantially higher.”
So how can an organization properly respond to, and learn to prioritize within, the cloud conundrum? One answer, says Rehman, is culture.
“We have to adopt a learning culture in security,” he says. “They’re always gonna be one step ahead of us, but at least we're one step behind, not ten.” Pick up the pace of your learning and listen to the experts speak. Hit play!
Host: Lisa Kocian
Editor: Kyp Pilalas
Producer: Ken Gordon
The EPAM Continuum Podcast Network
"The chaos we're seeing is really a reaction to the fact that the regulators have floated these enormous boats that are gathering tons of data, over 100,000 points of data in the EU alone. And they've now cut across that with a simplification directive," says PJ Di Giammarino, CEO of RegRisk, as our panel of experts settles in.
Di Giammarino is joined by Michael Nicholls, Principal of Financial Services Consulting at EPAM and Chris Owers, a Senior Director at First Derivative. Together, the trio has decades of experience in consulting and navigating the rigors of regulatory compliance.
Chaos isn’t a word you want to hear when discussing compliance with pending regulations, especially in the financial services sector. But it’s become a reality for thousands of banks across Europe and the UK thanks to last-minute pivots and sharp turns in dual-tracked MiFID 3 regulations originating from both regions. Meant to drive standardization in trade and transaction reporting, regulators from both regions have had to pump the brakes as the intent of their proposals bumped up against reality, resulting in a temporary pause.
"I think a lot of people breathed a sigh of relief. There is a lot of complexity in what's being proposed. I don't think it was a complete surprise if you look at what's happened with other regulations,” says Nicholls.
Owers follows this up with a question on how the differences between the UK and European versions – a divergent approach to regulation – are tangibly impacting clients. Nicholls responds, “if you're in a two-tier, two-speed environment where you've got to satisfy regulators in the EU and regulators in the UK, and those regulators become increasingly divergent no longer aligned, you’re going to need more complex systems, data and processes to deal with two environments.”
With this, the conversation shifts into how organizations can deal with these complex systems, touching on everything from technology and AI to the shortage of talent within the industry that’s both tech-savvy and versed in regulatory compliance. Ultimately, however, our speakers leave the conversation on a positive note, confident that today’s sprint toward AI can help organizations to even the odds in the great regulatory compliance race. As Giammarino says: “This is a time for organizations to put in robust proofs of concept and begin scaling so they can turn the rulebook into a runbook.” Listen carefully, and watch out for galloping insights!
Host: Chris Tapley
Engineer: Kyp Pilalas
Producer: Scott MacAllister
Executive Producer: Ken Gordon
