"The chaos we're seeing is really a reaction to the fact that the regulators have floated these enormous boats that are gathering tons of data, over 100,000 points of data in the EU alone. And they've now cut across that with a simplification directive," says PJ Di Giammarino, CEO of RegRisk, as our panel of experts settles in.
Di Giammarino is joined by Michael Nicholls, Principal of Financial Services Consulting at EPAM and Chris Owers, a Senior Director at First Derivative. Together, the trio has decades of experience in consulting and navigating the rigors of regulatory compliance.
Chaos isn’t a word you want to hear when discussing compliance with pending regulations, especially in the financial services sector. But it’s become a reality for thousands of banks across Europe and the UK thanks to last-minute pivots and sharp turns in dual-tracked MiFID 3 regulations originating from both regions. Meant to drive standardization in trade and transaction reporting, regulators from both regions have had to pump the brakes as the intent of their proposals bumped up against reality, resulting in a temporary pause.
"I think a lot of people breathed a sigh of relief. There is a lot of complexity in what's being proposed. I don't think it was a complete surprise if you look at what's happened with other regulations,” says Nicholls.
Owers follows this up with a question on how the differences between the UK and European versions – a divergent approach to regulation – are tangibly impacting clients. Nicholls responds, “If you're in a two-tier, two-speed environment where you've got to satisfy regulators in the EU and regulators in the UK, and those regulators become increasingly divergent, no longer aligned, you’re going to need more complex systems, data and processes to deal with two environments.”
With this, the conversation shifts into how organizations can deal with these complex systems, touching on everything from technology and AI to the shortage of talent within the industry that’s both tech-savvy and versed in regulatory compliance. Ultimately, however, our speakers leave the conversation on a positive note, confident that today’s sprint toward AI can help organizations to even the odds in the great regulatory compliance race. As Di Giammarino says: “This is a time for organizations to put in robust proofs of concept and begin scaling so they can turn the rulebook into a runbook.” Listen carefully, and watch out for galloping insights!
Host: Chris Tapley
Engineer: Kyp Pilalas
Producer: Scott MacAllister
Executive Producer: Ken Gordon
Silo Busting 70: Lessons for the Modern CISO with Tim Ramsay and Sam Rehman
The EPAM Continuum Podcast Network
26 minutes 56 seconds
How are CISOs holding up in the era of AI?
According to Tim Ramsay, Managing Director of Mandiant Client Advisory (now part of Google Cloud), and our guest on *Silo Busting*: “You have a number of parts of the organization that may be embracing AI without any involvement from central IT, and more importantly… without security.”
Not an easy situation for a CISO.
But not to worry, Ramsay and Sam Rehman, EPAM’s CISO and SVP, have seen this kind of thing before. In the pre-AI age, there were other technology inflection points, such as virtualization and the cloud, and our conversationalists learned that dealing with them involved clear communication and trust.
Today’s CISOs “don't want to kill the business or stop the business,” says Ramsay. “They want to *enable* the business. But that kind of presupposes they know what the business is trying to do.”
What’s necessary, he says, is for business leaders “to have some level of trust that the security people are actually going to bring something productive to the conversation and not just rule from a position of fear, uncertainty and doubt.”
CISOs must teach their colleagues that secure business is, as Ramsay notes, a team sport and that organizations must know their data assets. Security people must also be clear about risk. “We need to be real about what type of threats we actually are engaging,” says Ramsay.
The lessons of DeepSeek emerge during the episode. Ramsay says he thought there’d be “some voice in the room who would have said, ‘Guys, are we ready? Are we ready for global type of exposure here?’” Getting ready, in fact, means that security must be included from the beginning, they say. Rehman adds: “To secure something as an aftermath is a million times more difficult than if you have security in mind when you’re actually going through that innovation process.”
Rehman asks *how* CISOs can build the necessary trust. “Meetings are always good, but relationships are where it gets real,” replies Ramsay. “Conversations that CISOs are having alongside other C-levels are going to be much more effective” than meetings that can sometimes feel adversarial.
Build strong enough relationships and sometimes business leaders will deliver the security message themselves. “It takes a secure CISO to let others carry the message sometimes,” says Ramsay, adding: “It takes the pressure off the CISO to be always the bearer of threats and news of risk.”
Says Rehman: “So much of security requires... letting go of that insecurity.”
Host and Producer: Ken Gordon
Engineer: Kyp Pilalas