Presentation is loading. Please wait.

Presentation is loading. Please wait.

CYBER RISKS IN SECURITIES SERVICES

Published byThais Leão Modified over 5 years ago

Similar presentations

Presentation on theme: "CYBER RISKS IN SECURITIES SERVICES"— Presentation transcript:

1 CYBER RISKS IN SECURITIES SERVICES
Jason Harrell, Business and Government Cybersecurity Partnerships November 2018

2 Background The evolving threat landscape, new and emerging technology, and increased reliance on third parties and supply chain providers increases the risk across the financial services sector In 2017, the International Securities Servicers Association (ISSA) released the white paper, Inherent Risks within the Global Custody Chain, where the organization highlighted different risks specific to Securities Servicers Later that year, a Cybersecurity Working Group was formed to analyze how this threat may impact Securities Servicers Several questions emerged How would cyber threats materially impact this market segment? Do the current risk frameworks address the risks of Securities Servicers? / Are there risks that are specific to Securities Servicers that may not be covered by the current cybersecurity risk frameworks? What cyber risk programs should Securities Servicers focus on? What should Securities Servers focus on, as a market segment, to be operationally resilient? Why Did ISSA Review Cyber Risks To The Securities Services Market Segment?

3 Motivators For Threat Actors
There are several types of Threat Actors Nation States Organized Crime Hacktivist Insiders Not All Cyber Criminals Are Focused On Direct Financial Gain! Market Disruption Geopolitical Motivation Market Manipulation What Is The Motivation For Cyber Criminals?

4 Market Impacts What would the market impact be if a threat actor disabled the operations of a Central Counter Party or Central Securities Depositor? What would be the market impact be is a threat actor disabled the operations of a large custodian or sub-custodian? What would the market impact be if a threat actor targeted the books and records of a specific security but did not disrupt all firm operations? AND OF EQUAL IMPORTANCE……… How would the Securities Servicers market segment respond if any of these events occurred? Why Did ISSA Review Cyber Risks To The Securities Services Market Segment?

5 Cybersecurity Frameworks
There are several frameworks that may be used to build a cybersecurity program that provides reasonable assurance. These frameworks include: National Institute Of Standards and Technology (NIST) Cybersecurity Framework CPMI-IOSCO Guidance On Cyber Resilience for Financial Market Infrastructures International Standards Organization (ISO) series Federal Financial Institutions Examination Council (FFIEC) Information Security Handbook How May My Organization Provide A Reasonable Control Structure?

6 Important Cyber Security Services For Securities Servicers
It is important that Securities Servicers have a comprehensive cybersecurity program that is sized based on: Type, Size, and Complexity of Operations Customer and Counterparties Markets and Products Traded Access Provided to Trading Venues Market Interconnectedness Threat Intelligence Vulnerability / Patch Management Penetration Testing Third Party / Supply Chain Management What Cyber Services Should My Organization Focus On As A Securities Servicer?

7 Cybersecurity Risk Management Activities - International
Supervisor / Regulatory Focus Bank Of England / UK Financial Conduct Authority (FCA) Financial Stability Board (FSB) Basel Committee On Banking Supervision (BCBS) European Central Bank (ECB) Committee On Payments and Market Infrastructures, International Organization Of Securities Commission (CPMI – IOSCO) SWIFT Customer Security Program Trade Associations Regulatory / Examination Harmonization Two Hour Recovery For Cyber Events Operational / Cyber Resiliency What Are The International Activities That Are Occurring Within Cyber Security?

8 Call To Action Where Do We Go From Here?
Continuously monitor the threat landscape for emerging threats to the financial services sector Build a cybersecurity program using an industry standard and focus on those programs that provide the largest risk mitigations for your business Understand the operational resiliency that your organization has in place to resume operations in the face of a material impact Work together across the Securities Services market segment to understand how the entire market would respond to a material operational outage Where Do We Go From Here?

9 Jason Harrell Depository Trust And Clearing Corporation (DTCC) Technology Risk Management

10 Links To Aforementioned Documents
Resources Links To Aforementioned Documents ISSA: Cybersecurity Risk Management in Securities Services ISSA: Inherent Risks Within The Global Custody Chain NIST: Framework For Improving Critical Infrastructure Security CPMI-IOSCO: Guidance On Cyber Resilience For Financial Market Infrastructures FFIEC: Information Security Handbook Bank Of England / UK FCA: Building The UK Financial Sectors Operational Resilience SWIFT Customer Security Program

Download ppt "CYBER RISKS IN SECURITIES SERVICES"

Similar presentations

The Benefits and Challenges of Implementation of Basel II in Europe José María Roldán | 27 Sept 2005.

The Benefits and Challenges of Implementation of Basel II in Europe José María Roldán | 27 Sept 2005.
AFM INTERNAL AUDIT NETWORK MEETING MUTUAL ONE GROVE PARK, LEICESTER Current ‘Hot Topics’ in Information Security Governance Auditing David Tattersall 03.

AFM INTERNAL AUDIT NETWORK MEETING MUTUAL ONE GROVE PARK, LEICESTER Current ‘Hot Topics’ in Information Security Governance Auditing David Tattersall 03.
HIPAA Security Rule Overview and Compliance Program Presented by: Lennox Ramkissoon, CISSP The People’s Hospital HIPAA Security Manager The Hospital June.

HIPAA Security Rule Overview and Compliance Program Presented by: Lennox Ramkissoon, CISSP The People’s Hospital HIPAA Security Manager The Hospital June.
Classification The Threat Environment Joyce Corell, NCSC Assistant Director for Supply Chain National Defense Industrial Association Global Supply Chain.

Classification The Threat Environment Joyce Corell, NCSC Assistant Director for Supply Chain National Defense Industrial Association Global Supply Chain.
National Infrastructure Protection Plan

National Infrastructure Protection Plan
Cyber Resilience Simon Onyons Financial Stability – Resilience Team.

Cyber Resilience Simon Onyons Financial Stability – Resilience Team.
Part A: Cyber risk. Chart A.31 Concern about cyber risk has grown Sources: Bank of England Systemic Risk Surveys and Bank calculations. Systemic Risk.

Part A: Cyber risk. Chart A.31 Concern about cyber risk has grown Sources: Bank of England Systemic Risk Surveys and Bank calculations. Systemic Risk.
What Is Vendor Management And Why Is It Important To You?

What Is Vendor Management And Why Is It Important To You?
1 Business Continuity and Compliance Working Together Kristy Justice, AVP WaMu Card Services 08/19/2008.

1 Business Continuity and Compliance Working Together Kristy Justice, AVP WaMu Card Services 08/19/2008.
Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.

Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.
- The views in this paper/presentation are solely the responsibility of the author/s and should not be interpreted as reflecting the views of the Board.

- The views in this paper/presentation are solely the responsibility of the author/s and should not be interpreted as reflecting the views of the Board.
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.

Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
De Nederlandsche Bank Eurosysteem Actual Developments of Payments and Securities Settlement Systems Michael van Doeveren 2nd Conference of the Macedonian.

De Nederlandsche Bank Eurosysteem Actual Developments of Payments and Securities Settlement Systems Michael van Doeveren 2nd Conference of the Macedonian.
BITS Proprietary and Confidential © BITS 2003. Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.

BITS Proprietary and Confidential © BITS Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.
1 WFC 2015, Mexico Worldwide implementation of the PFMI Froukelien Wendt, Monetary and Capital Markets Department, IMF.

1 WFC 2015, Mexico Worldwide implementation of the PFMI Froukelien Wendt, Monetary and Capital Markets Department, IMF.
Supervision of Information Security and Technology Risk Barbara Yelcich, Federal Reserve Bank of New York Presentation to the World Bank September 10,

Supervision of Information Security and Technology Risk Barbara Yelcich, Federal Reserve Bank of New York Presentation to the World Bank September 10,
1 Jim Devlin Comptroller of the Currency November 5, 2009 Data Breaches in Payments Systems -- Roles and Best Practices for the Public and Private Sector.

1 Jim Devlin Comptroller of the Currency November 5, 2009 Data Breaches in Payments Systems -- Roles and Best Practices for the Public and Private Sector.
© Copyright 2008, The NASDAQ OMX Group, Inc. All rights reserved. Influencing policy makers WFE Workshop on Leadership & Communication February 19 – 20,

© Copyright 2008, The NASDAQ OMX Group, Inc. All rights reserved. Influencing policy makers WFE Workshop on Leadership & Communication February 19 – 20,
What Keeps Your Board Up at Night? Sylvia Kerrigan, Exec. VP, General Counsel & Secretary – Marathon Oil Sean Gorman, Partner – Bracewell & Giuliani.

What Keeps Your Board Up at Night? Sylvia Kerrigan, Exec. VP, General Counsel & Secretary – Marathon Oil Sean Gorman, Partner – Bracewell & Giuliani.
Vendor Management from a Vendor’s Perspective. Agenda Regulatory Updates and Trends Examiner Trends Technology and Solution Trends Common Issues and Misconceptions.

Vendor Management from a Vendor’s Perspective. Agenda Regulatory Updates and Trends Examiner Trends Technology and Solution Trends Common Issues and Misconceptions.

Similar presentations

Ads by Google