Cyber Security Risk Supervision

Feb 14 – 25, 2022 Online No Fee
Feb 9, 2022
English

About this learning event

This online course will lay out the cyber risk landscape for financial institutions, core principles of sound risk management, approaches to regulation, and effective supervisory practices. The course will focus on the practical aspects of cyber risk management and supervision, developing examinations skills needed to realistically assess the level of cyber risk at financial institutions and their compliance with regulations. The very specific content of the course is subject to possible changes.

What will you learn

The course will help officials to better understand cyber risk as it relates to the financial sector, its potential impact on institutions and financial stability, and ways to mitigate it through regulation and effective supervision. More specifically, the training will:

  • Introduce participants to cyber security fundamentals and promote commonly accepted definitions and vocabulary;

  • Familiarize participants with typical Information Technology architectures used at financial institutions and their implications for cyber risk;

  • Enhance supervisors’ capacity to identify key drivers of cyber risk and risk transmission channels through which financial stability may be impacted;

  • Introduce participants to commonly used approaches to cyber risk management at financial institutions and provide criteria for the supervisory assessment thereof;

  • Develop supervisory skills needed for performing effective on-site and off-site cyber-security supervision of the financial sector; and

  • Promote greater consistency of cyber security regulation, harmonization of requirements, and information sharing.

Delivery and workload

The course will be delivered as a combination of pre-recorded videos, live interactive sessions, quizes and homework assignments.

Who should attend

The course is of introductory/intermediate level and is aimed at non-specialist financial supervisors on core principles of cyber risk management, regulation and supervision. Participants are expected to have (i) at least a year of generalist prudential supervisory experience in the financial sector, including on-site examinations and formal risk assessments; and (ii) a basic understanding of IT systems beyond end-user experience.

We welcome employees working on banking, insurance, or capital markets regulation and supervision. It may also be of interest for those working on related field, such as conducting cyber security oversight of payment and settlement systems. Those involved in IT audit will also be considered for the course.

Faculty

  • Tamas Gaidosch, Senior Financial Sector Expert, Monetary and Capital Markets, International Monetary Fund

Tamas's  responsibilities in Financial Regulation and Supervision Division include designing and rolling out IMF’s global Cyber Risk Technical Assistance program for financial sector regulatory and supervisory authorities, participating in financial sector surveillance, developing policy recommendations, and representing IMF on cyber-security matters in international standard setting bodies. Before joining the IMF, Tamas was in charge for IT Supervision at the Central Bank of Hungary (2015-2017). Prior to that position Tamas was a partner at Deloitte (2013-2014) being in charge for the firm’s Enterprise Risk Services in Central Europe. Earlier he worked at KPMG (1999-2013) as Head of Risk Consulting in Hungary. He holds a Masters degree in Computer Science, is an Executive MBA (Ecole des Ponts ParisTech), and holds CISA, CISM and CISSP certifications.

  • Ravikumar Rangachary, Senior Financial Sector Expert, Monetary and Capital Markets, International Monetary Fund

Ravikumar joined the cyber team in Monetary and Capital Markets Department in October 2020. Prior to joining the Fund, Ravikumar worked at the Reserve Bank of India as Chief General Manager, where he was responsible for setting up and operationalizing Cyber Security and IT Examination Group. During his tenure he put in place a cyber security framework, a cyber incident reporting framework and a key risk indicator framework for assessing cyber security. He was a member of the Cyber Lexicon Working Group as well as Cyber Incident Response and Recovery Working Group set up by FSB.

His other responsibilities during his long career have been facilitating setting up of Off-site monitoring system, heading the analytics function at the Department of Supervision and facilitating implementation of Risk Based Supervision. He worked as a member of faculty teaching regulation and supervision for over five years at the Reserve Bank Staff College. He also worked at Central Bank of Oman as an Expert in Supervisory / Regulatory functions for more than five years.

Ravikumar has an MBA and he is a CFA, FRM and CISA. He also attended Senior Executive Program at London Business School (2003) and Advanced Management Program at Columbia Business School (2019)

  • Emran Islam, Senior Financial Sector Expert, Monetary and Capital Markets, International Monetary Fund

Emran joined the IMF in 2020 as a Senior Financial Sector Expert in the Financial Regulation and Supervision Division. In his previous role, Emran was a Senior Oversight Expert at the European Central Bank (ECB) and the lead for developing and operationalising the cyber resilience strategy for the European Union. He was a part of the team that developed TIBER-EU, the Cyber Resilience Oversight Expectations, established the Euro Cyber Resilience Board, developed and operationalized the market-wide cyber exercise (UNITAS) and developed the Cyber Incident and Information Sharing Initiative (CIISI-EU). Emran has been involved in various international cyber groups, including the G7 Cyber Expert Group, the CPMI Task Force for endpoint security, the FSB Cyber Lexicon Working Group, the CPMI-IOSCO Cyber Working Group, the ESRB Systemic Cyber Working Group and the World Bank FIGI. As part of this international work, Emran has been involved in drafting the CPMI-IOSCO Cyber Guidance, the different G7 Fundamental Elements, the CPMI strategy for endpoint security and the FSB Cyber Lexicon. He was involved in the G10 Oversight of SWIFT and was the overseer of STEP2-T and EURO1. Prior to joining the ECB in 2015, Emran worked at the Bank of England for 5 years, where he was an FMI supervisor, as well as leading the cyber work for UK FMIs (inlcuding the development of CBEST). Emran is a Chartered Accountant, and has previously worked at Goldman Sachs, PwC, IBM and the central government. Emran has a BA and MPhil from the University of Oxford.

Partners

This learning initiative was supported by:

Bank of Slovenia International Monetary Fund