Speakers
Chair
Gerry Cross
Director Financial Regulation, Policy and Risk - Central Bank of Ireland
Public Authorities
David Bailey
Executive Director for Prudential Policy - Bank of England
Francesco Mazzaferro
Director General of Secretariat - European Systemic Risk Board (ESRB)
François-Louis Michaud
Executive Director - European Banking Authority (EBA)
Industry Representatives
Thiebault Meyer
Director, Office of the CISO - Google Cloud
Tulsi Narayan
Senior Vice President, Security Solutions and Processing, APEMEA - Mastercard
Diana Paredes
Chief Executive Officer Co-founder - Suade Labs
Objectives
This session will first discuss the state of play of preparations for the implementation of DORA and the main outstanding challenges for financial institutions and supervisors related to DORA.
The panel will then assess more broadly the evolution of cyber and operational resilience challenges in the financial sector, whether further policy intervention is needed at EU or global level to tackle these risks and ensure sector or system-wide cyber resilience, and what industry best practices in cyber-risk management can be leveraged in the financial sector.
Points of discussion
- DORA implementation: How is the implementation of DORA progressing and will there be enough time to achieve compliance by January 2025? Do the adopted DORA RTSs and the tools provided for their implementation raise any issues? Are market participants and supervisors facing any major challenges in the implementation of DORA? How are things progressing in establishing the oversight regime for Critical Third Party Service Providers (CTPPs)? How are other major financial jurisdictions approaching cyber and digital operational risks and are approaches sufficiently aligned and coordinated?
- Future priorities in terms of cyber and digital operational resilience beyond DORA: What are the main trends in terms of cyber and digital operational resilience that may require further policy attention and are new risks emerging? Are rules sufficiently future-proof and flexible to the adapt to the increasing pace of innovation and tackle new cyber-treats? Are further actions needed to enhance regulatory and supervisory consistency at the international level in this area? Does more need to be done to enhance sector or system-wide cyber resilience? What are the best practices at industry level in terms of risk management to build on and how can AI be taken advantage of to fight cyber-risk and improve digital operational resilience?