26 January 2021 | 14.30 – 16.10 CET
Virtual networking from 14.00
PROGRAMME
14.30 – 14.35 Introductory remarks by moderator
14.35 – 15.10 Introductory remarks by speakers
15.10 – 16.10 Panel discussion and Q&A
16.10 – 17.00 Virtual networking
Discussion points
- How can ICT risk management be improved? What requirements would be appropriate?
- Should all financial institutions be required to have in place an ICT risk management framework (based on common principles)?
- What are the biggest challenges in terms of ICT risk management?
- How can ICT-related incident reporting be streamlined?
- What is a reasonable level of detail and scope for incident reporting?
- Should all financial institutions be required to run operational resilience testing?
- Who should be required to perform baseline testing and who should be required to perform advanced testing? How do we identify which financial institutions are “significant” in this regard?
- What would be the most efficient frequency of performing operational resilience testing?
- Should an oversight framework for third party ICT service providers be introduced?
- Should such an oversight framework focus only on “critical” third party providers? If so, how should “critical” be defined?
- To what extent is concentration risk among third party ICT providers an issue? How could this be addressed?
- How can we arrange efficient information sharing between financial entities?
Panelists
Billy Kelleher, Member of the European Parliament
Jan Ceyssens, Head of Unit B5 – Digital Finance, DG FISMA, European Commission
Lorelien Hoet, Government Affairs Director EU, Microsoft
Jason Harrell, Head of Business and Government Cybersecurity Partnerships, Technology Risk Management, DTCC
Moderator
Anna Carrier, Senior Government and Regulatory Affairs Advisor, Norton Rose Fulbright LLP