It was the best of times—when compliance and cybersecurity functioned as two separate and autonomous roles within the financial services industry.
But as new technologies shifted how institutions and firms do business, and regulators implemented new rules to address emerging threats to consumers and systems, the responsibilities of each suddenly started to look more like an overlapping Venn diagram than the historically siloed functionalities that they once were.
But that isn’t to say it has become the worst of times. In fact, within the overlap, many firms may find opportunities to enhance and elevate their programs.
However, financial services firms now face the challenge of creating teams where both departments collaborate to create a coherent, sustainable and supportive system that protects data and complies with regulations—in short, developing a cross-departmental strategy and coherent tactics to achieve the firm’s overarching goals.
A Tale Of Two Roles
Chief compliance officers (CCOs) and chief information security officers (CISOs) have long held leadership roles with distinct, highly focused areas of responsibility: risk management for the former and data security for the latter.
Recently, however, those roles have started to overlap.
CCOs are specialized experts within the realm of regulation and compliance, managing a scope of responsibility that spans from controlling access points like messaging platforms, smartphones, tablets and computers to tracking trades, expenses and political donations. In addition, CCOs must ensure employees, particularly at financial services firms, receive compliance training and understand industry rules that govern the firm’s operations.
On the other hand, CISOs and their IT departments protect infrastructure and data by managing physical and virtual security.
A decade ago, an application developer could create a program and own the data center. Now? With information being stored in the cloud, the firm no longer controls the data. As a result of this paradigm shift, that same program, which used to reside solely in IT’s realm, now straddles the responsibilities of compliance and cybersecurity.
Convergence
This convergence means compliance and IT departments must work together, especially given the complexity of emerging technologies and the regulations developed to manage those functions.
As regulators focus on security and data breaches—and increase fines for firms that do not comply with the new rules—compliance teams are forced to shift their roles and responsibilities to stay in line. Meanwhile, IT teams must understand the nuances of these new regulations to develop and enforce policies that will protect the organization's infrastructure and data.
A perfect example lies within the application of AI-enabled programs such as chatbots. The CISO is responsible for managing the AI program from a network and technology stack perspective by examining how the program was created and whether it has safeguards to prevent accidental exposure of sensitive information. The CCO then needs to establish the protocols to vet the AI program to ensure it meets compliance and regulatory requirements.
Comprehensive Solutions
Financial services firms that want to address the issue of cybersecurity compliance through outsourcing would be best served by finding a comprehensive compliance company that can monitor core compliance functions like trade and expense while also keeping an eye on emerging regulations and shifting trends in cyberspace.
Leaders will be best served by working with a firm that can simultaneously look at current and future needs. The vendor should be able to understand what a potential new regulation means for the firm's systems from both compliance and technology perspectives.
The era of compliance and cybersecurity operating in silos is quickly ending. As the financial services industry relies more heavily on emerging technology to execute its core functionalities, it will continue to face more complex rules and regulations regarding data and infrastructure security. Firms need a compliance and security partner whose comprehensive approach can simultaneously support the offices of the CCO and CISO, identifying what technology infrastructure changes may be needed to address upcoming regulations.
Helen Johnson is chief technology officer at COMPLY, a global market leader in compliance software, consulting and education resources for the financial services sector.