SIFMA & AICPA

Managing 3rd Party Risk – SOC Attestation Solutions

Date

July 18, 2018

Location

New York, NY

Hosted by

SIFMA & AICPA

Overview

SIFMA is organizing a complimentary event together with the AICPA to promote awareness of the recently released System and Organization Controls (SOC) Attestation Solutions for cybersecurity. These solutions, which SIFMA worked with the AICPA to develop, offer firms a new and efficient tool to handle vendor cyber risk management.

This event will help securities firms and the third party suppliers they work with understand the SOC attestation process for cybersecurity, the value it can provide, and how firms should prepare to use it and integrate it into their third party risk management programs. Presentations will include an introduction to the new SOC Attestation offerings, presentations by audit firms on how to prepare for and obtain these attestations, and industry views on their value for risk management.

Program

8:00am – 9:00am

Registration & Continental Breakfast

9:00am – 9:05am

Participants

Charles DeSimone

Speaker

Charles DeSimone

Vice President, Technology and Operations

SIFMA

Charles DeSimone’s Biography

9:05am – 9:50am

Discussion Topics:

  • Current landscape and overview of how SOC suite of services are addressing marketplace needs
  • Details of purpose, audience and relevant criteria for SOC for Cybersecurity and SOC 2
  • Significant changes for SOC 2 such as new required disclosures
  • How reports can be used for third party risk management

Participants

Mimi Blanco-Best, Chris Halterman, Erin Mackler

Speakers

Mimi Blanco-Best

Senior Manager, Assurance & Advisory Services, SOC Reporting

AICPA

Mimi Blanco-Best’s Biography

Chris Halterman

Executive Director

EY

Chair of AICPA Trust Information Integrity Task Force

AICPA

Chris Halterman’s Biography

Erin Mackler

Director, Assurance & Advisory Services, SOC Reporting

AICPA

Erin Mackler’s Biography

9:50am – 10:00am

Networking Break

10:00am – 10:50am

Discussion Topics:

  • Determining which offering is right for you and selecting the appropriate criteria
  • Preparing for attestation: Readiness assessment
  • What is involved in getting an attestation
  • Impact on management of third party risk
  • Communications with clients and stakeholders

Participants

Chris Halterman, Eddie E. Holt, Soma Sinha, Jeff Trent, Charlie Willis

Moderator

Chris Halterman

Executive Director

EY

Chair of AICPA Trust Information Integrity Task Force

AICPA

Chris Halterman’s Biography

Panelists

Eddie E. Holt

Partner - IT Advisory

KPMG LLP

Eddie E. Holt’s Biography

Soma Sinha

Senior Manager - Professional Standards & SOC Technical Leader

Plante Moran

Soma Sinha’s Biography

Jeff Trent

Partner

PwC

Jeff Trent’s Biography

Charlie Willis

Managing Director, Risk & Financial Advisory Services

Deloitte

Charlie Willis’s Biography

10:50am – 11:40am

Discussion Questions:

  • Providers of services: How do you see these offerings, and what would you need in order for them to be accepted by your customers? Are there different perspectives depending on the services you offer? (i.e. exchanges vs. law firms vs. broker dealers etc.)
  • Customers of vendors: How would attestation services fit into your vendor risk management program? To what degree would it replace your existing questionnaire and information gathering process, and what supplemental info might still be needed?
  • Regulatory context: What needs to be done to make sure these solutions fit into the regulatory framework that governs third party risk management? Is there the potential for attestations to be provided by regulated entities to their supervisors to demonstrate their compliance?
  • International context: What would the impact of attestation solutions outside the US and for international regulatory requirements be?
  • Are there segments of the securities industry where we think use of attestation solutions could become an industry standard?
  • How do we deal with situations where some unregulated third parties are not forthcoming in terms of revealing information around their controls - do we need regulators to step in?

Participants

Charles DeSimone, Thomas M. Wagner

Moderators

Charles DeSimone

Vice President, Technology and Operations

SIFMA

Charles DeSimone’s Biography

Thomas M. Wagner

Managing Director, Financial Services Operations

SIFMA

Thomas M. Wagner’s Biography

11:40am – 12:30pm

Networking Lunch

Venue

SIFMA Conference Center

120 Broadway
Floor 2
New York, NY 10271

Located at 120 Broadway, a National Historic Landmark and a New York treasure, the SIFMA Conference Center is situated at the heart of New York’s Financial District.

With a rare combination of advanced technologies and sophistication, SIFMA’s Conference Center is fully furnished and equipped to offer unique features that stand alone amongst New York’s leading conference facilities.

Hotel Accommodations

If you require hotel accommodation, a special SIFMA rate is available at the following:

Double Tree by Hilton Hotel – Financial District
8 Stone Street, New York, NY  10004, Phone# 212-480-9100
DISCOUNT: Corporate ID #0560038852

Club Quarters
52 William Street, New York, NY 10005, Phone# 212-269-6400
DISCOUNT: Password (SIFMA)

Residence Inn New York Downtown Manhattan / World Trade Center
170 Broadway, New York, NY 10007, Phone# 212-600-8900
DISCOUNT: Password (SIFMA)

Terms and Conditions

Code of Conduct
SIFMA meetings and events are intended to educate and engage our members and industry participants in thoughtful conversations. Inappropriate behavior will not be tolerated. SIFMA defines inappropriate behavior as any possible illegal conduct, verbal or physical abuse of any type, use of derogatory or discriminatory language, gestures or actions, unwanted invasions of privacy, any form of harassment, racism, sexism, or any other targeted comments which are intended to cause personal offense to another participant either in-person at the event or through social media channels, or the violation of any local, state, or federal laws or regulations.

If you are involved in or witness an incident at a SIFMA meeting or event that violates this Code of Conduct, please use this anonymous incident report form to let SIFMA know immediately. Please provide as much information as possible about the incident so that we can make a proper investigation. Any violations of law should be reported to law enforcement authorities.

SIFMA will investigate any reported incidents swiftly and confidentially if possible. SIFMA, at our discretion, may act on any reports of inappropriate behavior, including but not limited to removing a participant from the meeting or event and/or barring that person from attending future SIFMA meetings or events. SIFMA shall not refund any money paid for such attendee to attend the meeting or event, or for any travel expenses incurred to attend.

Attendee Roster
For your name to be included in the Attendee Roster, your completed registration form and payment must be received no later than two weeks prior to the event. Registrations received after that time will not be included in the Roster.

Substitutions
Conference registration substitutions are welcome. Email [email protected] with the following information and we will confirm the change: original registrant’s full name, substitute registrant’s full name, mailing address, title, phone and email.

Cancellations
Refunds will be granted for cancellations made three weeks prior to the start of the event. All cancellation requests are subject to a $100 processing fee and must be made in writing.