Digital Operational Resilience & Critical Infrastructure: Do we need a European framework?
Digitalisation and new technologies are significantly transforming the European financial system. The financial sector is the largest user of information and communications technology (ICT) in the world, accounting for about 20 percent of all ICT expenditure. As a consequence, its operational resilience hinges to a large extent on ICT and this dependence will further increased digitalisation and with the growing use of emerging models, concepts or technologies, such as financial services benefiting from the use of Cloud, distributed ledger technology and artificial intelligence.
The presence of high value assets and sensitive data make the financial system vulnerable to operational incidents and cyber-attacks. Policymakers and supervisors have therefore increasingly focused on risks stemming from reliance on ICT. They have notably tried to enhance firms’ resilience through the setting of standards and through the coordination of regulatory or supervisory work. This work has been carried out at both international and European level, and both across industries and for a number of specific sectors, including financial services. Within the European Union, European Commission President von der Leyen Communication has emphasised that it is crucial for Europe to reap all the benefits of the digital age and to strengthen its industry and innovation capacity, within safe and ethical boundaries.
To proponents of a new digital operational resilience and critical infrastructure framework, the absence of comprehensive rules on digital operational resilience at EU level has led to the proliferation of national initiatives and supervisory approaches that has resulted in overlaps or inconsistencies, inconsistent incident reporting mechanism. Cyber risks remain more undetectable and it has created ICT third-party and critical infrastructure dependency risks. Financial supervisors also currently do not have powers to oversee risks stemming from financial entities’ dependency on ICT third-party service providers.
Any new framework must balance the opportunities that the adoption of technologies brings the European financial system with any risks the new framework purports to mitigate. Let’s not forget that the adoption of Cloud for example, not only has commercial benefits for its users but also improves regulatory reporting, risk management and improves security and cyber-attack detection. These technologies have also proved extremely resilient under the stress placed on them by COVID-19. The litmus test is to ensure that any new framework doesn’t introduce a plethora of processes and approvals, slowing down and significantly raising the cost of adopting emerging models and technology crucial to the competitiveness of the European financial system. This particularly holds if Europe adopts a broad definition of what is deemed critical infrastructure.
Please join us for this discussion on what will be a thought provoking and timely discussion on one of most important policy areas for both for technology providers and financial services industry.
- Webinar link: https://zoom.us/j/93258163605
Date
- Expired!
Time
CET
Organiser
Linda Strazdina
Phone
+32471915476Senior Consultant and Head of Technology Practice
Speakers
-
03. Jan CeyssensHead of Unit, Digital Finance, DG FISMA, European CommissionJan Ceyssens is Head of the “Digital Finance” Unit in the Directorate General for Financial Stability, Financial Services and Capital Markets Union at the European Commission.
He was previously a Member and Deputy Head of the Cabinet of Vice President Dombrovskis and Member of the Cabinet of Vice-President Barnier, and Team Leader for Financial Supervision at the European Commission’s Internal Markets and Services Directorate General.
He graduated in law from Humboldt University in Berlin and holds a Masters degree in European Law from King’s College London.
-
Jonathan DavisSenior Director, Cybersecurity Policy & Awareness, VISA EuropeJonathan Davis is currently Senior Director of Cybersecurity Policy and Awareness and joined Visa in 2014. He leads Visa’s Key Controls and Security Awareness Programmes, and works closely with Visa’s Government Engagement and Regulatory Affairs Teams, consulting on policy and regulatory issues related to cyber and operational resilience, as well as data privacy. Jonathan spent the first four and a half years of his tenure at Visa’s headquarters in the San Francisco Bay Area, and is now seconded to Visa’s London office, where he is focused on UK and European regulatory environments.
With over 20 years’ experience in Information Technology, Information Risk Management, Cybersecurity, and business leadership, Jonathan’s background spans a broad variety of sectors, including roles in banking, fintech, consulting, legal, and government environments. His roles have included Governance, Risk, and Compliance (GRC) program management and execution, leading Information Security consulting engagements at multiple Fortune 500 firms, business development, IT operations, and project management.
-
Ksenia Duxfield-KaryakinaPublic Policy and Government Relations Manager EMEA, Google CloudKsenia Duxfield-Karyakina is a regional Public Policy Manager for Google Cloud in EMEA. She is leading on Google Cloud Policy work in the UK, and pan-regional financial services policy issues across Europe and emerging markets.
Ksenia has been with Google since 2011, previously covering YouTube, innovations and AI Policy in Asia-Pacific based out of Hong Kong, and before that she was with the Russian Government Relations team in Moscow. Prior to Google, her experience includes leading Public Affairs at an OECD organization tackling financial crime, and working as a PR manager in the international VTB Banking Group, and Russia’s national railway company (RZD).
Ksenia holds a PhD in new media economics from Moscow State University and enjoys reading old fashioned paper books and cooking in her spare time. She lives in London with her husband and daughter. -
Orlando Fernández RuizSenior Technical Specialist, Governance, Remuneration and Controls, Prudential Policy Directorate, Bank of EnglandOrlando Fernández is a Senior Technical Specialist in the Governance, Remuneration & Controls team in the Bank of England’s Prudential Policy Directorate. Over the past two and half years, he has been leading the PRA’s policy on outsourcing and third-party risk management, with a focus on technologies such as cloud. Orlando was one of the authors of the PRA’s Consultation Paper on ‘Outsourcing and third-party risk management’. He also represented the Bank of England at the EBA group that produced the 2019 Guidelines on Outsourcing and contributed to the FSB’s report on third-party dependencies in cloud services that was published in December 2019. Prior to working in this areas, Orlando also played a leading role in the development of the PRA’s policy on the Senior Managers and Certification Regime (SM&CR).
-
Slavka EleyHead of Unit Banking Markets, Innovation and Products, European Banking Authority (EBA)Since 1 March 2018, Slavka Eley is the Head of Unit for Banking Markets, Innovation and Products, which has a leading role in the EBA Fin Tech work. Previously, she was the Head of the Supervisory Convergence Unit within at the EBA since February 2013. She has been responsible for the EBA’s work on the common EU supervisory policy and convergence, including IT risks, outsourcing to cloud and risks related to financial innovation, efficient supervisory cooperation, recovery planning and the early intervention framework.
She chaired different working groups at the EBA as Sub-group on Risk Assessment Systems mandated to develop the common SREP framework. Currently she chairs the Sub-group on Supervisory Effectiveness and Convergence.
Prior to joining the EBA Slavka worked for the National Bank of Slovakia where she held a number of roles in supervision and prudential policy.
She holds a MBA in general management from the City University of Seattle and a Master degree in Mathematics, Physics and Education from the Comenius University Bratislava.