The Changing Face of Cyber Security Risk and Regulation Thursday, March 23, 2017 Time: 2pm – 3pm
Welcome and Housekeeping • Welcome • Chris Mason – Producer, e-Learning Committee • Housekeeping Video • Conference Video
Session Overview Cyber security is at the forefront of everyone’s minds. With more digital and so-called “Insurtech” initiatives comes more pressure to keep customers’ information safe. The magnitude / likelihood of data breaches involving insurance companies has led to significant regulatory inquiries and reputational damage. Governmental bodies have been creating regulations to crack down on these breaches and ensure that companies have cyber security programs in place. • Welcome our Moderator and Panelists: – Jerry Ravi – Moderator (Internal Audit and Risk Consultant) • Partner, EisnerAmper LLP • IASA Metro NY/NJ Chapter President – Venkat Rao – Panel Member (Global Regulatory / Compliance Consultant) • Director, EisnerAmper LLP – Jack Hewitt (Regulatory / Legal Expert) • Partner, Pastore & Dailey LLC
Session Objectives • Identify the six key aspects of the cybersecurity threat and regulatory landscape. • Recognize key components surrounding the newly adopted New York State Department of Financial Services (NYS DFS) cybersecurity regulations. • Recognize how insurers have implemented risk-based cyber security programs and solutions designed to properly manage and monitor cybersecurity threats, and to address the NYS DFS regulations.
Overview of Topics (in order from top down, left to right columns) Always on your mind Key FINRA Enforcement Case Risk Assessment -500.09 The Data Model is Changing Key Areas of Focus for Insurers and Access Policy Financial Institutions Emerging Preventative Technologies NYDFA Cyber Security Rules and Data Loss Protection Policy Regulations Adjusting at a Slow Rate Summary of NYS DFS Rules Third Party Service Providers – Vendors – Sect. 500.11 Rising Costs of Insecurity Cybersecurity Definitions – Non-public Training – 500.14 Information-500.01 (g) 12 Common Reasons for Data Breaches New York State Information Security Breach Incidence Response Plans – 500.16 and Notification Act Two Factors Account for Most Theft and Cybersecurity Program - Sect. 500.02 Notices – 500.17 Loss Evolution of Cybersecurity Regulation Cybersecurity Policy – Sect. 500.03 Exemptions What is the Main Regulatory Framework Information Security Program Key Takeaways Framework for Improving Cybersecurity Cybersecurity Sources Key Insurance Industry Themes Sample NIST Risk Assessment – Heat Map Chief Information Security Officer (CISO) – Perform a Continuous Assessment Sect. 500.04 Key SEC Enforcement Cases Governance Policy Preventative Measures
Today’s Speakers Jerry Ravi, Partner, EisnerAmper LLP Jerry Ravi is a Partner in the Consulting Services Group. Jerry has over 15 years of business advisory and audit experience, with a unique ability to bring clarity and forward movement to the decision-making process. Combining advisory, facilitation and coaching, his work results in positive and sustainable business growth and risk management programs. Jerry helps clients translate complex challenges and regulatory requirements into sound strategies, providing the catalyst for change and the capacity to take action. Jerry partners with management, audit executives and board members to effectively manage and monitor risks facing their organizations. Through the role of internal auditor, compliance and enterprise risk specialist, he provides value-added assurance and consulting services. Jerry’s credo is to protect value and enhance outcomes and performance through practical and cost-effective solutions, including the coordination and utilization of people, process and technology. Jerry’s primary focus has been on managing Enterprise Risk Management (ERM) and internal audit and compliance engagements, which entails assisting and educating clients in designing an enterprise-wide risk management program. This includes deploying risk-based internal audit plans to enhance governance processes and monitor ongoing compliance with key controls in key risk areas. Jerry serves clients in a variety of highly regulated industries, maintaining a focus on the financial services sector where he helps companies address financial, operational, technology and regulatory risk and assists with operational excellence to overcome market and regulatory challenges.
Today’s Speakers Venkat Rao, Director, EisnerAmper LLP Venkat Rao is a Director with EisnerAmper’s Global Compliance and Regulatory Solutions. He has nearly 15 years of experience working with hedge funds, private equity funds, commodity pool operators, registered investment advisors, broker-dealers, investment banks, and insurance companies. Venkat provides value-added solutions to enhance compliance programs, such as creating compliance manuals and anti-money laundering (“AML”) procedures, performing mock regulatory examinations, and conducting risk assessments and annual reviews. He has conducted AML risk assessments pursuant to requirements under the Bank Secrecy Act, and tested compliance with a firm’s AML program to identify deficiencies. Venkat also advises clients on the latest regulatory developments from the SEC and CFTC. Venkat has worked extensively with various members of large and small organizations in addressing regulatory needs, including cybersecurity matters. He has overseen compliance departments, including AML compliance programs, and created, developed and tested policies and procedures in advance of and preparation for regulatory exams. Prior to joining the firm, Venkat was a Chief Compliance Officer for broker-dealers and investment advisors of hedge funds and private equity funds. Venkat headed the examination program for registered investment advisors and broker-dealers for a global professional services firm. In addition, he served as a risk and regulatory consultant in a Big Four accounting firm’s Advisory Services Practice, and advised many financial institutions of various sizes.
Today’s Speakers John R. (“Jack”) Hewitt, Partner, Pastore & Dailey LLC John R. ("Jack") Hewitt is a securities lawyer and focuses his practice on securities litigation and regulatory advice and counsel to broker-dealers, investment banks and investment advisers. His work involves virtually every aspect of the federal and state securities laws, including equity, fixed income and derivatives trading, net capital, short-selling, suitability, record retention, insider trading, cybersecurity and registration issues. Cybersecurity is a major part of Mr. Hewitt’s practice, and he is a recognized national authority in this field. Among other things, he advises firms on their development of information security programs, guides them through cyber incidents and represents them in any resultant regulatory inquiry. Mr. Hewitt regularly conducts cybersecurity audits for broker-dealers and investment advisers, and was the SEC appointed independent outside consultant in the first major SEC cybersecurity enforcement action, In the Matter of LPL Financial Corp., Respondent Admin. Proc. File No. 3-13181 (2008). Mr. Hewitt has written extensively on the regulation of electronic technology in the securities markets, including a series of articles for the New York Law Journal, and has chaired and spoken at numerous seminars on it. Mr. Hewitt is the author of Cybersecurity in the Federal Securities Markets, a Bloomberg BNA treatise, and is the editor and author of Securities Practice & Electronic Technology, an ALM publication. He is also the author of the Record Keeping and Advertising Chapters of the PLI Broker-Dealer Regulation treatise. Mr. Hewitt is currently the Co-Chair of the American Bar Association, Business Section Subcommittee on Cybersecurity. 
He is a recipient of the Compliance Reporter Compliance Person of the Year award for his work in electronic technology regulation, was a participant in the Securities and Exchange Commission’s roundtable discussions on internet issues and is listed on the International Who’s Who of e-Commerce lawyers.
Always on your mind? • It’s an evolving threat • Digital initiatives, greater connectivity, greater risk • Balancing cybersecurity with profitability • AN OUNCE OF PREVENTION IS WORTH A POUND OF CURE
THE DATA MODEL IS CHANGING…
Emerging Preventative Technologies A number of emerging technologies are being introduced into commercial markets and the insurance industry, some of which are restructuring many industries: – Blockchain Technology – Mobile Micro-insurance – Wearables – Smart Contracts – Commercial Drone Usage According to a study produced by Accenture, only 0.2% of annual premiums were spent by insurance companies on digital initiatives.