Lessons from Facebook's outage: comms & orchestration are...
The evolution of Incident Management part 1: In the...
Operational Resilience is a journey, not a destination
Meet the team: Craig Gregory, CISO
How Cutover enables organizations to build cyber resilience
Can surgical scrutiny save us from Fastly outages?
Enterprise Agility: What does Business As Usual look like...
February 11, 2021
Cutover’s Head of Enterprise Resilience for Global Accounts, Steve Piggott, sat down with Customer Success Manager and Regulatory Expert, Ann Ghanie, to discuss how organizations can improve their regulatory rating and deal with changing regulatory challenges going into 2021. There were loads of great takeaways from the must-watch session, so we have shortlisted our favorites in this blog post. For the full insights, and some great anecdotes from the field, why not watch the session in full or download Ann’s e-Guide?
The role of technology
Technology will play a key role in improving regulatory processes, but the aim should be to enable people with technology, rather than have them feel they are competing with it. Governance and culture will underpin how technology is used and how effective it is.
The importance of culture
According to Ann, who has been working with financial firms for years, “tooling and third-party systems directly impact culture.” Tools that enable a reactive culture will have a negative impact as being reactive to potential threats or problems is no longer sufficient for today’s regulatory standards.
Culture is ultimately about how the people that make up the organization behave. If your systems and toolsets are siloed and enable reactive and highly manual work, this will be reflected in culture. If you’re trying to create a more proactive culture, you need a toolset that will enable and drive that type of behavior.
The difference between passing and failing
Having a culture of resilience means building resilience into every tool and process from the very beginning, and thinking about:
How the process can be more transparent
How it can be repeatable and compliant
Who is impacted
Which stakeholders contribute to it
If there is a technology component that you will need to test and failover
What the upstream and downstream dependencies are
How it fits into the firm’s ecosystem
Whether you can report on it in real time or close to
Thinking this way creates a culture that doesn’t shy away from the hidden data within the organization. Information like this often surfaces during an audit and can be the difference between passing and failing. Having it all on the surface from the beginning will put you in a better position and make your regulatory reporting easier and more likely to be a success.
Creating a culture of resilience
Companies across all industries are creating more of a resilience culture, with not just a focus on IT and architecture but also on employees. The past year or so has shown that companies that have resilience built into everything they do will be able to pivot and respond to new and unforeseen challenges much more effectively than those that don’t.
According to Ann, “ultimately, culture eats strategy for breakfast”. COVID forced companies to work differently and change at speed, which was a struggle for those that did not have resilience and agility built into the fabric of the company. So when you’re thinking about your toolset, think about what types of behaviors you’re enabling - whether proactive and transparent, or reactive.