The cyber landscape is constantly evolving and staying ahead of these threats is a never-ending job. Driven by the growing sophistication of threat actors, the proliferation of new technology adoption and an increasingly interconnected marketplace, cyber risk ranks as a top threat to the financial services ecosystem, according to a recent DTCC survey.
In 2023, DTCC will continue to engage with clients, financial authorities, government agencies and key stakeholders to advance opportunities to share best practices and partner on ways to mitigate cyber risk.
DTCC Connection caught up with Jason Harrell, DTCC Managing Director and Head of External Engagements, Operational and Technology Risk, who weighed in on three key areas of focus for DTCC in 2023.
Focus Area: Cyber Incident Reporting
-
Background: As cyber incidents continue to grow in frequency and sophistication, cyber incident reporting has become a key focus area. Effective cyber incident reporting, coupled with public/private information sharing of cyber events, can help limit the impact of incidents across the financial services sector and support stability of the markets.
-
Issue: Varied approaches to cyber incident reporting across regional and global jurisdictions has noticeably increased the difficulty for financial institutions to meet their regulatory reporting obligations. Limitations on information sharing frameworks between financial authorities and between financial authorities and financial institutions impairs the ability of the financial services sector to enhance its protections against cyberattacks.
-
2023 Outlook: DTCC will engage with key public/private working groups and trade associations to help shape the development of frameworks used to share cyber incident information between financial authorities and institutions.
Focus Area: Operational Resilience
-
Background: Operational resilience is an organization’s ability to identify, protect, adapt and respond to, and recover from operational events. As the threats to our industry continue to evolve, financial institutions must identify how these threats may impact their ability to deliver critical operations and what, if any, capabilities are required to further enhance resilience. Enhancing operational resilience across the financial services industry requires efforts that are cross-border and cross-sectoral in nature. Financial authorities, standards setting bodies, and the private sector must also adopt practices to strengthen that resilience.
-
Issue: Coordinated global efforts to bring financial institutions and authorities together to holistically address operational resilience issues continues to strengthen. However, the absence of clear requirements or conflicting approaches by banking and market regulators may lead to fractured operational resilience approaches and, for FMIs, conflicting operational resilience requirements.
-
2023 Outlook: DTCC will work with other financial institutions, financial authorities and standards setting bodies to identify and develop reconciliation steps that align banking and market regulator expectations for operational and cyber resilience.
Focus Area: Third Party Risk / Resilience Management
-
Background: Financial institutions are accountable for any activity, product or service outsourced or delegated to a third party. Further, supervisory and regulatory operational resilience principles and rulemaking are driving financial institutions to increase the level of understanding of the potential impacts that a third-party may have on their resilience and the third-party’s ability to rapidly recover from material operational events.
-
Issue: Third-party providers’ resilience and the oversight requirements of these relationships by financial institutions must be shaped in collaboration with global financial authorities through public/private partnerships.
-
2023 Outlook: DTCC will partner with standards settings bodies and supervisory working groups to develop principles for third-party resilience so that existing rules can be updated with the new requirements and new rules can be consistently developed across jurisdictions. Areas of focus will include terminology, contract clauses, supply chain management, due diligence and concentration risk.
“DTCC continues to pursue new and innovative technologies to build a resilient and forward-looking infrastructure,” said Harrell. “As we travel on our digital journey, we maintain a laser focus approach to pursue new innovations that provide efficiencies and align with our mission to reduce systemic risk for the ever-changing financial industry.”