If you practice risk management in a regulated industry, particularly finance, you’ll want to watch this video of a discussion at the recent FAIR Conference 2017 in Dallas that brought together veteran regulators from the Federal Reserve and Office of Comptroller of the Currency (OCC), plus an insurance company attorney and privacy officer.
On the panel:
- Moderator: Bill Barouski, Senior Vice President, Deputy CISO, Northern Trust and former Executive VP and CISO, Federal Reserve System
- Jay Restel, Supervision and Regulation Department, Federal Reserve Bank of Cleveland
- Nicole Clement, Accenture Security Group, Former OCC
- Kirk Herath, Vice President, Chief Privacy Officer, Nationwide Insurance
"This panel was very timely," Bill Barouski says, "because of the abundance of regulatory direction and the fact that we have the attention of the regulators at least in financial institutions.
"And I would have to say there is great interest from directors in meaningful dialogue relative to greater visibility on metrics, meaning greater visibility on risk management capabilities. We saw that in many of the other sessions at the FAIR Conference, too."
Another challenge addressed in the session: "The agenda has evolved beyond compliance to strategic issues that include the impact on business direction, business models, and risk management decisions."
One major topic discussed: financial "regulatory harmonization," consolidating the varying jurisdictions and regulatory standards that, for Kirk Herath of Nationwide, lead to nine separate information security reviews a year by different authorities. Panelists discussed how harmonization, as Bill put it, "could reinforce sound risk management principles as well as reduce compliance overlap."
Some encouraging news from Jay Restel: “The regulators are recognizing that we have to be in more harmony than we are. NIST guidelines and FAIR, that’s all on the table as [complementary] standards.”