If you are in Operations or a Compliance Officer in Financial Services, it’s a busy and confusing time at the moment.
MIFID II comes into effect in early 2018, followed by the less well understood and somewhat mysterious beast that is GDPR. All this is set against a backdrop of a seemingly ever-increasing and somewhat hysterical threat of cyber criminals allegedly targeting your firm. Understandably, it can be difficult to know where the focus should be – especially when there is a push for more flexible and collaborative working, which can potentially increase the risk of security exposure and regulatory non-compliance.
So how do you approach all this change whilst maintaining your sanity? Whilst there is a temptation to ‘throw the chequebook’ at it, it generally pays to start by looking at the obvious.
Look after your data
A data leak can result in a range of very undesirable consequences for your firm, from regulatory breaches to commercial and reputational damage. According to a 2015 report, 37% of data breaches are unintentional and due to human error. Training staff on what constitutes sensitive data, the causes of breaches and best working practices will help avoid this.
Develop a ‘Cyber Safe’ culture
It is an often-shared and likely accurate statistic that nearly two thirds of cyber-attacks in businesses can be traced back to the actions of an employee. By building a culture where staff understand the nature of cyber threats and are motivated to help prevent them, your risk will be dramatically reduced. Whilst education is important, more successful strategies are often built around gamification.
Document everything!
Whilst this sounds like a huge administrative burden, it shouldn’t be. At a basic level, documentation means keeping records of what you are doing – whether by policy or enforcement – and, crucially, why you are doing it. Should you be unfortunate enough to have a compliance issue, this will demonstrate that you were making the effort to play by the rules and will likely reduce or avoid any fines. Just as important, when reviewing your processes and technology in the future, you will know why you did it in the first place.
Collaborate with your peers
The fastest way of identifying what may have slipped under your radar is to find out what other firms are doing. In our experience people are always happy to share best practice and challenges with their peers. Exchanging ideas benefits both parties and is unlikely to be considered as giving away secrets to the competition.
Learn from your suppliers – but be careful!
As the owner of a technology business I will give a bit of a ‘health warning’ to this recommendation. There is plenty of biased information in the marketplace from salespeople trying to sell solutions. However, at the same time many businesses are happy to trade their professional advice for keeping abreast of market trends (i.e. learning about your problem). We do this through facilitated workshops.
If you want help to identify the obvious then sign up for one of our events.