"The chaos we're seeing is really a reaction to the fact that the regulators have floated these enormous boats that are gathering tons of data, over 100,000 points of data in the EU alone. And they've now cut across that with a simplification directive," says PJ Di Giammarino, CEO of RegRisk, as our panel of experts settles in.
Di Giammarino is joined by Michael Nicholls, Principal of Financial Services Consulting at EPAM and Chris Owers, a Senior Director at First Derivative. Together, the trio has decades of experience in consulting and navigating the rigors of regulatory compliance.
Chaos isn’t a word you want to hear when discussing compliance with pending regulations, especially in the financial services sector. But it’s become a reality for thousands of banks across Europe and the UK thanks to last-minute pivots and sharp turns in dual-tracked MiFID 3 regulations originating from both regions. Meant to drive standardization in trade and transaction reporting, regulators from both regions have had to pump the brakes as the intent of their proposals bumped up against reality, resulting in a temporary pause.
"I think a lot of people breathed a sigh of relief. There is a lot of complexity in what's being proposed. I don't think it was a complete surprise if you look at what's happened with other regulations,” says Nicholls.
Owers follows this up with a question on how the differences between the UK and European versions – a divergent approach to regulation – are tangibly impacting clients. Nicholls responds, “If you're in a two-tier, two-speed environment where you've got to satisfy regulators in the EU and regulators in the UK, and those regulators become increasingly divergent, no longer aligned, you’re going to need more complex systems, data and processes to deal with two environments.”
With this, the conversation shifts to how organizations can deal with these complex systems, touching on everything from technology and AI to the industry’s shortage of talent that is both tech-savvy and versed in regulatory compliance. Ultimately, however, our speakers leave the conversation on a positive note, confident that today’s sprint toward AI can help organizations even the odds in the great regulatory compliance race. As Di Giammarino says: “This is a time for organizations to put in robust proofs of concept and begin scaling so they can turn the rulebook into a runbook.” Listen carefully, and watch out for galloping insights!
Host: Chris Tapley
Engineer: Kyp Pilalas
Producer: Scott MacAllister
Executive Producer: Ken Gordon
Silo Busting 71: IR Now with Tab Bradshaw and Sam Rehman
The EPAM Continuum Podcast Network
27 minutes
7 months ago
Today’s incident response ain’t your grandfather’s IR. But the psychology surrounding it hasn’t changed an iota. This is precisely what Sam Rehman, EPAM’s Chief Information Security Officer and SVP, and Tab Bradshaw, Chief Operating Officer at Redpoint Cybersecurity, are talking about on this #SecurityByDesign conversation.
“It really comes down to the preparation piece,” says Bradshaw. It’s about being well prepared and asking: “How often do you prepare in your organization, at a technical level, at an executive level, to handle some sort of incident?”
Rehman agrees and says that he has clients wondering, “OK, so when am I done?” The perception is that being IR-ready is enough, he says. “That's not the case. It's a muscle. It's emotion. It's how you work. It's how you react to it.”
There are benefits to knowing the proper way to react. “A well-handled breach really builds credibility,” says Bradshaw, adding that the word “reasonable” is omnipresent in IR documentation. He says: “Reasonableness is not just about having a mitigation strategy.” It’s also about, say, practicing tabletop exercises. Regularly. So that when you’re asked about doing regular tabletop sessions, the answer is, as Bradshaw puts it: “Yes, we did it every quarter for the past five years. We feel like we're in a pretty good spot that if something happens, might not be perfect, but we think we have good preparation, consistent preparation, consistent practice, to your point, to respond to the incident when it does occur.”
Rehman says that security people are “used to having that sudden sense of violent impulse and urgency coming to us,” but what about the business leaders and everyone else in the organization? He asks Bradshaw about IR communication: “How do you guide the team through it, especially when everybody's thinking about, ‘Oh, am I gonna be on the news?’”
Of the thousands of breaches Bradshaw and his team have responded to, for “a third, maybe half” of them, there is “some internal chaos at the client—and it's not because anybody's doing a bad thing.”
“It really comes down to what I call C-squared,” says Bradshaw, which is shorthand for “communication and coordination. Someone has to be the quarterback.”
Bradshaw says the chaos is about “a lack of preparation and testing.” A tabletop exercise needs to be a live fire exercise: “Doing it once a year is not good.” Too many organizations treat IR as a checklist, which is a mistake. He says: “It's a living, cross-functional discipline that evolves with the threat landscape externally, obviously, and also internally as people move.”
And so?
Get moving. Hit play and get ready.
Host: Lisa Kocian
Engineer: Kyp Pilalas
Producer: Ken Gordon