ABOUT THIS LEARNING EVENT

This online course will lay out the cyber risk landscape for financial institutions, core principles of sound risk management, approaches to regulation, and effective supervisory practices. The course will focus on the practical aspects of cyber risk management and supervision, developing examinations skills needed to realistically assess the level of cyber risk at financial institutions and their compliance with regulations.

TIMELINE

WHAT WILL YOU LEARN

The course will help officials to better understand cyber risk as it relates to the financial sector, its potential impact on institutions and financial stability, and ways to mitigate it through regulation and effective supervision. More specifically, the training will:

• Introduce participants to cyber security fundamentals and promote commonly accepted definitions and vocabulary;

• Familiarize participants with typical Information Technology architectures used at financial institutions and their implications for cyber risk;

• Enhance supervisors’ capacity to identify key drivers of cyber risk and risk transmission channels through which financial stability may be impacted;

• Introduce participants to commonly used approaches to cyber risk management at financial institutions and provide criteria for the supervisory assessment thereof;

• Develop supervisory skills needed for performing effective on-site and off-site cyber-security supervision of the financial sector; and

• Promote greater consistency of cyber security regulation, harmonization of requirements, and information sharing.

DELIVERY AND WORKLOAD

The course will be delivered as a combination of pre-recorded videos, live interactive sessions, and homework assignments. The course will be divided in two units, which are planned to take 5 hours each:

(1) Introduction to banking IT and cyber risk management. In this unit, we will familiarize ourselves with how IT is typically used in banks and the principles and methods of cyber risk management. We will also address how cyber risk in the financial sector can become a systemic issue and impact financial stability.

(2) Cyber security regulation and supervision in the financial sector. In this unit, we will discuss various regulatory frameworks and supervisory good practices. We will lay out common core elements of regulation and the rationale behind requirements. The unit promotes a standards-based approach to regulation and will discuss the merits and use cases of principles-based versus more prescriptive approaches.

There will be one to two interactive sessions per unit and an introduction session for the course.

WHO SHOULD ATTEND

The course is of introductory/intermediate level and is aimed at non-specialist financial supervisors on core principles of cyber risk management, regulation and supervision. Participants are expected to have (i) at least a year of generalist prudential supervisory experience in the financial sector, including on-site examinations and formal risk assessments; and (ii) a basic understanding of IT systems beyond end-user experience.

We welcome employees working on banking, insurance, or capital markets regulation and supervision. It may also be of interest for those working on related field, such as conducting cyber security oversight of payment and settlement systems. Those involved in IT audit will also be considered for the course.

FACULTY

• Tamas Gaidosch, Senior Financial Sector Expert, Monetary and Capital Markets, International Monetary Fund

Tamas's  responsibilities in Financial Regulation and Supervision Division include designing and rolling out IMF’s global Cyber Risk Technical Assistance program for financial sector regulatory and supervisory authorities, participating in financial sector surveillance, developing policy recommendations, and representing IMF on cyber-security matters in international standard setting bodies. Before joining the IMF, Tamas was in charge for IT Supervision at the Central Bank of Hungary (2015-2017). Prior to that position Tamas was a partner at Deloitte (2013-2014) being in charge for the firm’s Enterprise Risk Services in Central Europe. Earlier he worked at KPMG (1999-2013) as Head of Risk Consulting in Hungary. He holds a Masters degree in Computer Science, is an Executive MBA (Ecole des Ponts ParisTech), and holds CISA, CISM and CISSP certifications.​

• Ravikumar Rangachary, Senior Financial Sector Expert, Monetary and Capital Markets, International Monetary Fund

Ravikumar joined the cyber team in Monetary and Capital Markets Department in October 2020. Prior to joining the Fund, Ravikumar worked at the Reserve Bank of India as Chief General Manager, where he was responsible for setting up and operationalizing Cyber Security and IT Examination Group. During his tenure he put in place a cyber security framework, a cyber incident reporting framework and a key risk indicator framework for assessing cyber security. He was a member of the Cyber Lexicon Working Group as well as Cyber Incident Response and Recovery Working Group set up by FSB.

His other responsibilities during his long career have been facilitating setting up of Off-site monitoring system, heading the analytics function at the Department of Supervision and facilitating implementation of Risk Based Supervision. He worked as a member of faculty teaching regulation and supervision for over five years at the Reserve Bank Staff College. He also worked at Central Bank of Oman as an Expert in Supervisory / Regulatory functions for more than five years.

Ravikumar has an MBA and he is a CFA, FRM and CISA. He also attended Senior Executive Program at London Business School (2003) and Advanced Management Program at Columbia Business School (2019)

• Emran Islam, Senior Financial Sector Expert, Monetary and Capital Markets, International Monetary Fund

Emran joined the IMF in 2020 as a Senior Financial Sector Expert in the Financial Regulation and Supervision Division. In his previous role, Emran was a Senior Oversight Expert at the European Central Bank (ECB) and the lead for developing and operationalising the cyber resilience strategy for the European Union. He was a part of the team that developed TIBER-EU, the Cyber Resilience Oversight Expectations, established the Euro Cyber Resilience Board, developed and operationalized the market-wide cyber exercise (UNITAS) and developed the Cyber Incident and Information Sharing Initiative (CIISI-EU). Emran has been involved in various international cyber groups, including the G7 Cyber Expert Group, the CPMI Task Force for endpoint security, the FSB Cyber Lexicon Working Group, the CPMI-IOSCO Cyber Working Group, the ESRB Systemic Cyber Working Group and the World Bank FIGI. As part of this international work, Emran has been involved in drafting the CPMI-IOSCO Cyber Guidance, the different G7 Fundamental Elements, the CPMI strategy for endpoint security and the FSB Cyber Lexicon. He was involved in the G10 Oversight of SWIFT and was the overseer of STEP2-T and EURO1. Prior to joining the ECB in 2015, Emran worked at the Bank of England for 5 years, where he was an FMI supervisor, as well as leading the cyber work for UK FMIs (inlcuding the development of CBEST). Emran is a Chartered Accountant, and has previously worked at Goldman Sachs, PwC, IBM and the central government. Emran has a BA and MPhil from the University of Oxford.

• Oguz Yildiz, Authorized IT Auditor, Central Bank of the Republic of Turkey

Oguz is an IT Auditor with over 4 years of experience in IT Auditing. He is employed at the Audit Department of the Central Bank of the Republic of Turkey where he conducts IT audits. His main fields of expertise are performing audits on physical security management, IT risk management, vulnerability management, IT-project evaluation, IT-infrastructure and ISO 27001 compliance. He worked as a lecturer at Middle East Technical University for more than a year and as a developer at the Central Bank of the Republic of Turkey.

• Gabriella Biró, Head of IT Supervision, Central Bank of Hungary

Gabriella has an MSc in computer science and IT security related experience from different banks and advisory companies. She also holds CISA, CISSP, CEH and CFE certifications and is the Board member of the (ISC)2 Hungary Chapter, a member of the Supervisory Board of ISACA Hungary, and founding board member of WITSEC (Women in IT Security).

 

Partners

This learning initiative was supported by: