The IT, Cyber Security and Data Protection Workshop Part I
The IT Security and Data Protection Workshop aims to answer some of the questions that current IT and data developments highlight, such as old and new forms of cyber-attack, e.g. spoofing used as a technique to overcome planned defences. We address the implications of IT security, cyber security and data protection for business, and what the organisation should be doing now to address future compliance issues.
Participants will have an opportunity to discuss the challenges and apply their talents to defend their financial organisation, and to use the outcome to identify areas to enhance policies, develop technical solutions and improve personnel strategies so that their groups can respond better to real-world incidents.
General Data Protection Regulation (GDPR)
The existing EU data protection regime is based on the 1995 Data Protection Directive (95/46/EC). During the last 20 years, there have been significant advances in information technology, and fundamental changes to the ways in which individuals and organisations communicate and share information. Combined with the developments, the various EU member states have adopted a somewhat divergent approach to implementing the Data Protection Directive.
The directive has created compliance difficulties for many businesses. In recognition of such challenges, the EU's legislative bodies have developed a more harmonised data protection law, the draft General Data Protection Regulation (GDPR). Although the GDPR is not likely to be enforceable before 2018, this session will consider the impact of the GDPR on businesses and what they should be doing now.
The cyber security challenge
The proper collective response to the Cybersecurity threats is becoming more and more involved. Contrary to other business areas, the regulatory guidelines are still vague. Therefore, each company must establish correct and clear guidance:
- When should the board of directors be informed of IT and cyber risks?
- Who is responsible and takes ownership of IT and cyber security policies?
- How does management stay aware and maintain systems in an area that changes constantly?
- When should the company invest in new knowledge and technology to follow the latest developments?
- What are the different approaches towards planning, prioritisation and managing Cybersecurity activities?
- Is your Cyber security strategy sufficient?
Data security, data breaches and security alerts
Data security controls are crucial to ensure that customer and business information is always protected. IT Risk management programs with organised operating environments, strong and multi-factor verification and other controls can provide flexible controls and solutions.
How to safeguard against the third party risks associated with groups that have access to data and systems.
We review updated controls, user access, separation of system infrastructure, limits and restrictions and proactive system monitoring:
- How to monitor periodic risk assessments of information security programs.
The sum of the above will ensure business sustainability and build IT controls to protect against unauthorised access to business communications, intellectual property or client information.
The IT, Cyber Security and Data Protection Workshop Part II
Are you ready for the future digitalization?
The current digital transformation serves as the focal point for new opportunities and challenges that arise from the latest technological developments and trends in the digitalization of business and society. Digitalization is one of the most fundamental components of the current period of transformation.
For the companies that are prepared, it provides a unique opportunity to shape the sustainability of future business processes. It therefore adds to the significant responsibilities on the shoulders of the board, senior management and IT management.
Digital transformations will have a positive impact on both business and society. At the 9th annual European GRC Summit, we focus on the implications of digitalization and discuss the future corporate IT, Digitisation and Cyber opportunities.
- How to address data structures & integrate IT compliance and data privacy functions.
- How to navigate between the new EU Privacy Directives and other global mandates.
- Imposing entity-level IT controls across multi-jurisdictions
- How to ensure reporting accuracy across multiple IT systems
- Matching your IT controls to implement and address the cloud and third-party data storage
- How to assess the impact of business processes, internal control, and training.
- What parts of regulatory change management can be automated?
IT related security and business risk, with a focus on Cloud Governance and Cyber Risk Management.
During the workshop, we will discuss solutions on the following topics.
- Have you experienced Cyber Attacks lately? We review some of the latest Cyber Attacks.
- What should the board of directors and executive management ask about Cloud issues?
- How can the board and executive management ensure that IT and Cloud governance is updated and optimised?
- How should the board, executive management and the IT department respond to Cyber Attacks?
Corporate Social Responsibility and Governance WORKSHOP
CORPORATE SOCIAL RESPONSIBILITY: A GLOBAL REVIEW OF PURPOSES, STRATEGIES, AND IMPLEMENTATION APPROACHES
Corporate Social Responsibility (CSR), or Citizenship in Microsoft terminology, Global Citizenship and Sustainable Development play a critical role in identifying particular elements of a business' most sensitive activities related to good governance.
- Enhance strategic thinking, tactical planning, & actionable initiatives on how you can develop in-house CSR, global citizenship, and Sustainable Development risk-based programs
- How to leverage the guiding principles that promote a high level of awareness that encourages & identifies the 'red flag' indicators of CSR, global citizenship, and Sustainable Development
- How do CSR and Sustainable Development mandate the cost of doing business to promote a social, ethical & reputational standpoint?
- What are the specific insights on how to develop & implement an action plan for CSR and Sustainable Development?
The current historical times, with massive sovereign debts, need clearly set rules for Corporate Social Responsibility and Environment Social Governance standards to create stakeholder value and sustainable business happiness solutions. The CSR workshop consists of presentations, business cases and breakout sessions, divided into the following seven categories.
- CSR Strategy Implementation
- CSR field project management
- CSR operations and performance improvement
- CSR business process reengineering
- Change management issues
- CSR in cloud and data protection (incl. IT-security)
- Combining GNH to a sustainable and cohesive CSR model
The global CSR issues will deliver a 360° course for charting the global CSR culture and perspectives given the aftermath of the global financial crisis. We focus on the Gross National Happiness (GNH) model to further provide the CSR depth and to integrate, embed and link your CSR business processes together with people and technology.
- The link between Corporate Happiness-, Natural Capital- and Shareholder Value
- How can Responsible Corporations Sustainable Consumption make us happy?
The new disclosure requirements demand that CSR processes are integrated because CSR risks are now more complex, diverse and interrelated. By combining the various CSR risk components with good Governance and Compliance, an enterprise approach will be formed, and that will provide the company with a strategic competitive advantage on critical business issues.
Based on the information from the conference you will be proactive in your reaction to active risk and let your competitors miss the business opportunities.
The CSR workshop also gives primary attention to a value proposal on how to be prepared for additional disclosure requirements and protect the quality of the CSR reports:
- Take a closer look at the implications on the mindset caused by the regulatory CSR tsunami that companies have experienced
- The experts focus on the CSR processes that need to be changed in the corporate engine room and organizational cultural change issues
- Address the issues caused by the predominant use of multiple Excel spreadsheets to monitor and control CSR projects, and how to start on the journey to automate CSR processes, controls, exposure and disclosures
- How to secure decisive wins and at the same time optimise the CSR business workflow
- Recognize the broader context of global CSR regulation across the organization, processes and functions.
Learn & benchmark CSR, Citizenship, and Sustainable Development schemes in the control framework including; the participants will be divided into groups to discuss the following CSR, BFC and Sustainable Development dilemmas and issues.
WORKSHOP/PARALLEL SESSION ON FINANCIAL COMPLIANCE CONCERNS AND THE EFFECT OF THE REGULATORY OVERREACH ON THE GLOBAL FINANCIAL SERVICES CONCEPT OR SO MUCH TO DO AND SO LITTLE TIME TO DO IT PROPERLY
Developing a comprehensive Compliance roadmap and framework for the next five years
Financial institutions face a multitude of layered regulations, with varying risk profiles. Managing that risk exposure requires a roadmap and framework that unifies, streamlines, monitors, tests, and reports on all compliance activities. The goal is to avoid starting from scratch each time, to avoid duplication and to ensure forward integration for each compliance segment.
Are MiFID II and PRIIPs further regulatory compliance schemes that flush capital down the drain? PRIIPs is due at the end of 2016, the Market Abuse Directive and regulation is round the corner, the date to be compliant with the Anti-Money Laundering Directive is June 2017, the Senior Managers' Regime is due in 2018, as is Data Privacy and Security (GDPR), and the outcome of the Financial Advice Market Review is entirely unknown. At the workshop, we address some of the biggest areas of compliance concern in the financial services industry and come up with a joint recommendation.
All financial institutions are spending so much money (up to 7% of costs) on coping with regulatory changes and compliance through 'manual processes' and resources that there is a significant danger that not enough finances are left in the budget to invest in technology. In addition, the manual processes create another risk and concern: that management is unable to train and retain staff.
The workshop focuses on MiFID II together with PRIIPs and other regulatory compliance components that pose a big challenge for global firms due to the many 'unknowns' of regulation, technology, clients and staff:
- Developing and writing the text to make sure there is a roadmap and framework
- How to outline each compliance component, on best execution, costs and charges, transaction reporting, the whole implementation scheme
- Addressing third-party dependencies on each activity
- What are the technology and the systems changes that are required for each compliance change?
- How to cope with constrained timeframes of some pieces of the legislation.
Building Effective Database and Programs for Know-Your-Customer and AML Compliance
There is a global focus on money-laundering, tax avoidance, human trafficking, and terrorism.
From FATCA tax compliance to anti-money laundering regulations and rules, compliance requires that all financial services businesses make a dedicated effort to know the customer.
- How to revamp your current KYC programs and expand them to include improved policies and controls into the IT systems
- What are the necessary mechanisms in new regulations on the importance of KYC efforts?
- How to train employees to spot KYC failures and misbehaviours
Address the issues relating to global Investment Management to assess the Global Operational Risk Survey.
- Risk Models
  - Effectively Measuring, Managing And Monitoring Risk Models
- Fundamental Review of the Trading Book & Liquidity
  - Dedicated session on the Fundamental Review of the Trading Book and Liquidity
- Stress Testing
  - Gathering insights on Analysing, Stress Testing Results, Reverse Stress Testing, and CCAR
MIFID II/MIFIR DEEP-DIVE REGULATORY AND IMPACT ASSESSMENT: CONTEXT: WHERE MIFID II SITS IN THE WIDER G20 REGULATORY LANDSCAPE. THE MIFID II MAP, WHAT DOES IT CONSIST OF?
- How to operationalise your programme: Scoping, strategic decisions and dependencies
- Trading obligations and venues: Trading venues, systematic internalisers and HFT rules
- Reporting and data management: Transaction reporting, data publication and reasonable commercial basis
- Investor protection: Client classification, inducements, financial promotions and best execution
- SYSC: Record keeping, microstructural controls and operational risk
- Implementation strategy: The how and the when
- OTC reform deep-dive
How to address challenges and guidance to turn this new regulation into competitive advantages.
- Allocating the resources for understanding and tackling the regulatory compliance challenges
- A fundamental review of the trading book (FRTB) that requires dramatic changes to the existing market risk management practices.
- The data management challenges of some of the financial services and other regulations e.g. BCBS 239 and related regulatory implementations and updates.
WORKSHOP GLOBAL BRIBERY, FRAUD AND ANTI-CORRUPTION (BFC) ISSUES
THE ULTIMATE UKBA AND FCPA CASES AND WORK UPDATE
This workshop on UKBA and FCPA looks at global remediation, third-party cooperation and managing UKBA/FCPA audits, all on a local and global scale. We take a revised look at the current UKBA/FCPA enforcement regime, as a UKBA/FCPA investigation.
HOW TO DEVELOP AND IMPLEMENT A SUCCESSFUL ANTI-CORRUPTION COMPLIANCE PROGRAM
The workshop focuses on practical steps compliance executives can follow when developing, implementing and refining anti-corruption programmes, including how to:
- Gain buy-in for your anti-corruption programme from senior management
- Conduct effective risk assessments; develop and implement a compliance programme that addresses the specific risks your organisation faces
- Create a cost-effective and efficient third-party due diligence program
----------------- After the break
WE DESIGN A USEFUL UKBA/FCPA COMPLIANCE TESTING PROGRAM
Besides regular monitoring, testing has always been a crucial part of the internal control for the UKBA/FCPA operational component. However, local jurisdictions may impose ever-changing regulatory requirements and require legions of controls to satisfy them.
During this session, we review UKBA/FCPA compliance testing and how to maintain, design and execute the test so that when local results are interpreted, useful insights on program improvements can match the complex and evolving industry regulations on UKBA/FCPA.
We will dissect some UKBA/FCPA enforcement cases: when bribery allegations are disclosed to regulators, and an investigation is underway.
- What are the compliance challenges, e.g. documentation on remediation and communication with the authorities?
- What should happen when a BFC case is created or reviewed, and between the time when findings of a UKBA/FCPA problem are discovered and before any final settlement takes place?
The workshop will review the enforcement of anti-corruption policies in-house and among third parties. During the seminar, you will design and develop a process to assess and uncover bribery and corruption risks, from planning the assessment and collecting data to analysing the information and flagging UKBA/FCPA concerns for formal investigations.