Global Cybersecurity: A Shared Objective that Demands an Integrated Approach

Cybersecurity and data protection were top of mind at SIFMA’s 2017 Annual Meeting, The Capital Markets Conference. Held during National Cybersecurity Awareness Month, the conference kicked off in Washington, D.C. with the session, “Managing Global Cybersecurity Risk – An Organizational Approach.” Panelists included senior operational risk executives and regulatory representatives who described a significant shift in the scale and scope of cyber-attacks over the last few months. To achieve effective, efficient cybersecurity policy, panelists said firms must rethink risk management and regulators must reach a unified, common standard for enhanced harmonization of cybersecurity requirements.

Chief Information Security Officer (CISO) of Bank of America Merrill Lynch, Craig Froelich, noted the importance of testing industry response protocols to ensure resilience of the sector against increasingly sophisticated threats. Edward Jones’ Principal of Internal Audit, Michael Williams, added that the impact of the changing cyber threat environment has major consequences for a firm’s internal audit department, which is also managing regulatory demands. He noted that “firms must think through governance and controls for data security, and make sure they are in place” as well as leverage the knowledge and skill sets of the 1st and 2nd levels of defense to strengthen security.

Craig Froelich, Chief Information Security Officer of Bank of America Merrill Lynch, described how cybersecurity is not just a technology risk – all lines of defense must come together with a coordinated approach.

In response to these emerging cyber risks, firms are stepping up their defense by going beyond conventional approaches to cybersecurity and rethinking risk management functions. Phil Venables, Partner and Chief Operational Risk Officer at Goldman Sachs, discussed the firm’s decision to reorganize its efforts into an independent risk management unit, reflecting the importance of protecting client data from cyber-attacks.

Thomas Ferlazzo, Senior Vice President of Operational Risk Supervision at the Federal Reserve Bank of New York, shared the top threats to the industry and the most effective organizational and governance best practices to combat them. Addressing the supervisory capacity of the Fed, Mr. Ferlazzo said that the Fed recognizes the challenge of cybersecurity regulation and that “harmonization is the path we’re on.”

Sector resiliency requires comprehensive firm-wide preparation as well as strong public-private partnerships, with significant coordination between industry and government. The panel underscored the urgent need for regulators and industry leaders to continue to work together, share information and take meaningful steps toward harmonizing regulation. Along with building up the cybersecurity talent pool, these are essential for enhancing industry defenses against ongoing and sophisticated cyber threats.

In her welcoming remarks at the Annual Meeting, SIFMA Chair Lisa Kidd Hunt, Executive Vice President of International Services and Special Business Development, Charles Schwab & Co., Inc., said of cybersecurity, “As an industry we must work together to ensure that our clients’ data is protected and that we hold ourselves to a high standard in this regard.”

To learn more about the work the industry is doing – through SIFMA and other industry organizations – to help protect our firms and our clients, visit SIFMA’s Cybersecurity Resource Center.

Thomas Wagner is Managing Director, Financial Services Operations and Technology, at SIFMA.
