Summit day two was host to inspirational keynote speakers on cybersecurity and privacy, insightful panels on TPRM regulation and supply chain resilience, and case studies on developing more effective TPRM practices. (For a recap of Summit Day 1, see this post.)
Nation State Cyberattacks
Erin Joe, Section Chief – Office of Private Sector, Federal Bureau of Investigations (FBI) emphasized the importance of strengthening government and private sector relationships in combating cyberattacks originating in China, Russia, North Korea and Iran. To further her premise, Joe referenced a quote from J. Edgar Hoover, former director of the FBI: “The most effective weapon against crime is collaboration.” In an era when ransomware is available as an outsourced service and cyberattacks are the norm, know that you are not alone – the FBI is represented in your area and open to communicating with you.
Closing the Gap on TPRM Regulations
Gary Roboff, Senior Advisor, Santa Fe Group, hosted the first panel of the day in which financial regulators themselves spoke to regulations, both nationally and internationally. Orlando Fernández Ruiz, Senior Technical Specialist, Governance, Remuneration & Controls, joined the panel from the Bank of England. Stuart Hoffman, Governance & Operational Risk Policy Analyst, joined from the Office of the Comptroller of the Currency (OCC).
The panel discussed warnings from Homeland Security, proposal of new rules and regulations by the OCC around Computer-Security Incident Notification Requirements, and the recent Financial Stability Board paper on outsourcing and third parties. Concerns are growing around technology – and panelists agreed that focus needs to be on a preventative approach to risk management rather than a restorative approach. (Planning for resilience before disruption.)
Case Studies
Johnathan Ehret, VP of Strategy and Risk at Risk Recon, presented the case for using continuous monitoring to increase visibility and effectiveness of TPRM. Michael Beck, Senior Manager, Consulting, TPRM, Ernst & Young, presented a concise study and graciously fielded audience questions.
Resiliency in the Supply Chain
Events over the past year have reinforced the importance of resilience. This panel, led by Brad Keller, SVP and CSO, Shared Assessments, delved into what we have learned from business disruptions. Jing de Jong-Chen, Sr Associate, Strategic Technologies Program, Center for Strategic & International Studies (CSIS) spoke to supply chain security issues. Randy Sabbagh, VP Global Incident Management, State Street, brought a financial institution viewpoint to the panel. Marnie Wilking, Global Head of Security & Technology Risk Management, Wayfair, brought a strong cybersecurity background to the panel.
Privacy in the Boardroom
Kabir Barday, Founder, President and CEO of OneTrust, gave a fast-paced overview of the top 5 privacy trends. Global regulations around privacy are increasing such that by 2023, 65% of the world’s population will have personal information covered by modern privacy regulations. (Up from 10% today.) CCPA has made employee privacy of paramount importance while Schrems II has called for appropriate safeguards for data. As data becomes an increasingly valuable resource, data governance has become an important best practice. These trends all point to the critical need for organizations to stay on top of privacy obligations to maintain trust.
Debate
The final session of Summit, directed by Tom Garrubba, VP and CISO, Shared Assessments was a point/counterpoint between Shared Assessments members and TPRM practitioners. Sean O’Brien, Managing Director, DVV Solutions, Tanneasha Gordon, Senior Manager,Deloitte & Touche, and Nasser Fattah, Executive Advisor, RiskLogix LLC offered their viewpoints on a multitude of issues. No one won the debate per se- but everyone had actionable suggestions for improving risk programs and practices.
Breakout Sessions
Summit wrapped up with a final round of breakout sessions on:
- Data Governance/Data Privacy Breakout Session
- ESG and TPRM Best Practices Breakout Session
- Professional Development Breakout Session
- Course Corrections Breakout Session
See you all next year – in person!
