The colliding worlds of regulated compliance and cyber resilience.


08 December 2016

Luke Beeson

Blogs by author: Luke Beeson, VP Security UK and Global Banking & Financial Markets.


Just 18 months ago, compliance surveillance and cyber security were very different worlds. Today, these two worlds are colliding.

The pressure to comply.

Compliance and surveillance officers have one of the most demanding roles of any stakeholder in a bank. Today, most compliance officers are working against a background of increasing personal accountability and a ten-fold increase in the size of the archive to be stored and managed under MiFID II.

Compliance officers now have to grasp a new and emerging set of responsibilities, including how to secure their organisation against employee flight risk and employee espionage risk, while ensuring cyber resilience.

In the 2016 Thomson Reuters Cost of Compliance Survey, 48 percent of compliance professionals expected more compliance involvement in assessing cyber resilience over the next 12 months. This further highlights the importance of cyber resilience to the compliance profession.

The similarities between compliance and cyber security.

At face value, it appears the stakeholder requirements placed upon compliance and surveillance officers are hugely different. A compliance officer is looking for a trader’s rogue conduct, whereas an InfoSec professional in cyber assurance is often externally focused, looking at identifying attacks that can come from anywhere in the world.

Yet when you dig a little deeper, both teams are dealing with a rogue actor (operating inside or outside the organisation), who’s always adapting his or her behaviour to avoid detection.

They also need to think about:
• Context: to know where to focus their efforts against an explosion of data.
• Smarts: including individual behaviours and machine-assisted learning.
• Proactive monitoring: aligned to either compliance or security business priorities.

Additionally, regulations such as MiFID II demand that an appropriate level of management oversight is in place to assure all electronic communications. In many discussions with customers the view is that cyber security must be built into the management oversight of e-communications.

At BT we’re listening to our customers and evolving our Cyber Security Platform to start to address customers’ compliance requirements beyond cyber resilience. Our customers are demanding a smart set of tools that learns and adapts to the day-to-day compliance challenges of insider threat and market manipulation. So we’re providing the means to store more, detect more and prevent more — without deploying an army of investigators.

Our compliance surveillance summit.

If you’d like to know more, we’re holding a summit for security, technical and surveillance officers and professionals at the BT Tower in January — where we’ll bring together cyber security and compliance experts, and industry insight from Nick Lovett, COO Global Markets, Credit Suisse and Chris Palmer, Executive Director, JPMorgan Chase. We'll explore the key issues faced by risk management professionals and investigate what the future will look like for capital markets compliance and information security surveillance.

I’d also recommend you read our compliance white paper: Unlocking the data that matters. In it, we cover the key challenges faced by compliance and risk teams in the financial services industry. We take a look at the eye-watering fines imposed as a result of being non-compliant and how companies deal with incompatible legacy systems and data that’s trapped in silos.