On the panel:
"This panel was very timely," Bill Barouski says, "because of the abundance of regulatory direction and the fact that we have the attention of the regulators at least in financial institutions.
"And I would have to say there is great interest from directors in meaningful dialogue relative to greater visibility on metrics, meaning greater visibility on risk management capabilities. We saw that in many of the other sessions at the FAIR Conference, too."
Another challenge addressed in the session: "The agenda has evolved beyond compliance to strategic issues that include the impact on business direction, business models, and risk management decisions."
One major topic discussed: financial “regulatory harmonization”, consolidating the varying jurisdictions and regulatory standards that lead to--for Kirk Herath of Nationwide--nine separate infosecurity reviews a year by different authorities. Panelists discussed how harmonization, as Bill put it, “could reinforce sound risk management principles as well as reduce compliance overlap.”
Some encouraging news from Jay Restel: “The regulators are recognizing that we have to be in more harmony than we are. NIST guidelines and FAIR, that’s all on the table as [complementary] standards.”
More from the FAIR Conference 2017