EU and UK Operational Resilience (OpRes) implementation packages are creating nervousness at end-of-year gatherings this year. In the wake of CrowdStrike this July, regulators pushed ahead with their detailed standards, and we have now catalogued over 93 documents, spanning 3,304 pages and nearly 46,000 paragraphs across our EU, UK documents, which defines the law of
The latest JWG survey results and insights reveal why collaboration between vendors and firms is critical to operational resilience. Contact us Introduction The Digital Operational Resilience Act (DORA) is more than a looming regulatory deadline: it is a call to action for the entire financial ecosystem to rethink how our digital supply chain is managed,
As the clock ticks down to the EU’s 17 January 2025 Digital Operational Resilience Act (DORA) deadline, suppliers face a unique opportunity to redefine their role. This isn’t just about compliance—it’s about fostering transparency, breaking silos, and becoming true partners in resilience. Far from being too late, now is the perfect time to get started.
As the Digital Operational Resilience Act (DORA) prepares to reshape the regulatory landscape for digital asset providers by 2025, businesses are under increasing pressure to implement robust operational resilience strategies. As JWG and Memery Crystal’s ‘Decoding DORA’s Digital Asset Impact’ roundtable, held under Chatham House rule with industry experts revealed this month, the distinct challenges
Despite various regulatory initiatives, the road to robust operational resilience is far from clear. We are still very much in the “foothills” of creating effective, adaptable resilience frameworks. Firms and their suppliers should view the Digital Operational Resilience Act (DORA) as the foothills of the Operational Resilience (OpRes) mountain, not the gold standard. By the
This week, ten leading financial institutions gathered at JWG’s Winning the OpRes Marathon roundtable in London to debate the evolving challenges of the Digital Operational Resilience Act (DORA) and other global Operational Resilience (OpRes) regulations. Hosted by First Derivative and facilitated by JWG under the Chatham House Rule, the discussions underscored the urgency for financial
In today’s interconnected world, operational resilience has become a top priority for financial institutions. With the implementation of the EU’s Digital Operational Resilience Act (DORA), organizations are being urged not only to get ready for storms, but to strengthen their overall infrastructure and how their fate is tied to the fleets they sail with. Captains
In the global race for Operational Resilience (OpRes), climbing the DORA hill is the ultimate test for financial entities in Q125. JWG’s analysis reveals that DORA standards equips institutions for the UK’s requirements but the gap between UK obligations and DORA will trip some runners up. The reality is becoming clear: financial entities and their
Background: The EU digital asset agenda is not all about MiCA. To offer digital assets in Europe and the UK, firms and their suppliers will need to adhere to the EU Digital Operational Resilience Act (DORA) and corresponding UK regime in Q1 2025. Key insight: JWG, the industry’s regulatory think-tank has used its AI-natural language
This summer, EU regulators delivered final Digital Operational Resilience Act (DORA) standards and the FS sector now has a little under 100 days for a ‘great repapering’ of policies, contracts, procedures, control logs, regulatory reports and supplier databases. Billions are being spent as lawyers and consultants prepare for board room panics in September over this
To discuss Digital Surveillance Rule (DSR) programme objectives and determine next steps.
Europe took a big step towards Digital Operational Resilience last week by issuing half of its new final technical standards one year from its implementation deadline. JWG has analysed the new, final standards and the second batch of DORA consultations with other technology efforts underway across the globe. We find that while some welcome clarity
Since the year 2000, banks have been fined almost a third of a trillion dollars. Yet, every year billions more are imposed. Why? This book explains why banks break the law (it’s not just the money), explains the challenges facing Compliance functions, considers that the majority of financiers don’t want to do wrong, and puts
New JWG research JWG, the trusted financial services regulatory intelligence company, has announced the publication of a ground-breaking research paper ‘Embedded Compliance Unlocked: Leverage AI-enabled compliance tooling now to be ready for 2025.’ With the relentless demand for improved compliance and cost/income ratios, financial institutions of all sizes are experiencing pressure to upgrade their approaches.
This report is intended to help senior IT, Risk and Compliance managers to understand new regulatory demands and their implication on investment firms and their suppliers
New JWG research JWG, the trusted financial services regulatory intelligence company, has announced the publication of a ground-breaking research paper ‘Embedded Compliance Unlocked: Leverage AI-enabled compliance tooling now to be ready for 2025.’ With the relentless demand for improved compliance and cost/income ratios, financial institutions of all sizes are experiencing pressure to upgrade their approaches.
US Regulators fired a $555m shot across Wall Street’s bow last week by holding them accountable for their employees’ pervasive use of unauthorized communication methods, like private texts and in some cases WhatsApp. This is the second batch of ‘market moving’ fines in the US within a year , yet no other country has followed
Digital Operational Resilience Act (DORA) technical standards, due to come into force in January 2025 have been released to a quick retort from industry. AFME and EACB warn of missing data, confused risk controls to implement tough new data and reporting requirements. Firms and their suppliers now have a little over 400 working days to
In response to mounting global concerns about generative Artificial Intelligence (AI), legislators and stakeholders have been listening hard to technologists while finalizing tough new rules for digital non-financial risk. Will AI be a wake-up call for firms to define ‘what good looks like’ for infrastructure standards before massive fines start to land? To avoid a
RegTech promises to turn policy documents to rule sets that describe what good looks like in the operational language of the systems used by the business. AI can play a role in applying controls, but it needs to be carefully supervised so that the humans are in the loop and overseeing the code. Experts at
Trading desks face unprecedented levels of regulatory change from the mechanics of the markets and how they monitor them, to how they interact with customers, the way they de-risk their technology suppliers and provide information to regulators. This article summarises the critical changes and lays out the context for our 22 March virtual trading seminar.
The aim of this group is to look at the broader frame of supervisory technology (SupTech) with a view to creating a paper covering challenges and 2022 priorities
New policy efforts in by Australian, US, UK, EU and International rule setters will widen the scope of regulatory oversight for financial institutions to include ‘how’ the business runs. As we have seen with US Federal reserve consultation released this week, boards are on the hook for a holistic approach to ensuring their digital infrastructure
New UK and EU regulations are forcing banks to demand new controls from their suppliers. Not only do they now need a comprehensive view of how each supplier fits in, but they also need to know how to swap them out. Senior managers across the bank should be working to establish plans now for these
Think-tank JWG urges Financial Services firms to collaborate with suppliers to close infrastructure gaps as fines loom London, UK – 13 September, 2022 – JWG, the trusted financial services regulatory intelligence company, has announced the publication of a ground-breaking research paper ‘Managing Digital Infrastructure Risk: a collaborative path to financial services safety’. New regulation will fundamentally
This report is a companion guide to a larger research report, ‘Managing Digital Infrastructure Risk: A collaborative path to financial services safety’ produced by JWG. It is intended to help IT managers understand the implication of new regulatory demands on the IT supply chain.
This report is intended to help senior IT, Risk and Compliance managers to understand new regulatory demands and their implication on investment firms and their suppliers
JWG, the trusted financial services regulatory intelligence company, has announced the publication of a ground-breaking research paper ‘Managing Digital Infrastructure Risk: a collaborative path to financial services safety’. New regulation will fundamentally change the landscape for the biggest tech companies–particularly cloud providers. By 2025, overlapping requirements to mitigate operational resilience threats (UK PS6/21,DORA); control third
The aim of this group is to look at the broader frame of supervisory technology (SupTech) with a view to creating a paper covering challenges and 2022 priorities
Hack-to-trade schemes and confidential information dealing on the dark web, combined with regulatory warnings about firms’ management of material non-public information (MNPI), are raising further concerns about markets’ ability to keep a lid on insider dealing and other forms of manipulation. The number of cases brought against individuals using stolen data or MNPI to trade,
The great work-from-home experiment forced traders from the office and digital surveillance teams into overdrive. RegTech can provide a path forward through serious legal obstacles that stand in the way of effective oversight. However, good compliance is not just about the tech and we need collaborative action to make surveillance RegTech fit for purpose. The
Global regulators are producing a steady flow of operationally-intensive rules focused on new digital risks in 2022. Amongst them, cybersecurity is emerging as a top pain point as more persistent attacks threaten banking supply chains. New, deeper and aligned controls are now the order of the day. In this article we summarise the main components
The aim of this group is to look at the broader frame of supervisory technology (SupTech) with a view to creating a paper covering challenges and 2022 priorities
The aim of this group is to look at the broader frame of supervisory technology (SupTech) with a view to creating a paper by December 2021 covering challenges and 2022 priorities
The aim of this group is to look at the broader frame of supervisory technology (SupTech) with a view to creating a paper by December 2021 covering challenges and 2022 priorities
Executive summary As regulators focus on Operational Resilience firms need to realign their risk frameworks Without this alignment, firms risk overlaps and gaps in their controls Third parties play a key role in aligning controls and service metrics for your board Fines or excessive cost benchmarks are in store for those that get it wrong
Behavioural monitoring and conduct analytics technology promise to make it easier for firms to detect employee misconduct as well as predict where it might occur next. However, reliance on data- and technology-led solutions may fail to deliver insights and controls, while increasing firms’ exposure to data privacy risks and ethical issues. The emergence of surveillance
The Bank of England and the Financial Conduct Authority (FCA)-convened Artificial Intelligence Public-Private Forum (AIPPF) this month discussed potential accountability and governance frameworks that could form future guidance for the use of AI in financial services. Senior management accountability as well as the creation of a chief AI officer role were contemplated as oversight options,
The aim of this group is to look at the broader frame of supervisory technology (SupTech) with a view to creating a paper by December 2021 covering challenges and 2022 priorities
JWG Q421 research reveals major regulatory battles for information on third parties in 2022, which has massive implications for FS suppliers. Combined with Cloud, AI and other new controls, knowing your supply chain just became a lot more critical and complicated. Without standard supply chain messages, regulators, regulated firms and their suppliers run the
Technology, data and infrastructure provision to banks now puts 3rd parties on the critical path for systemic oversight. Knowing your supply chain just became a lot more critical and complicated. There is an opportunity to take the pain away with a more joined up approach that requires senior engagement, trust and ‘safe space’
The aim of this group is to look at the broader frame of supervisory technology (SupTech) with a view to creating a paper by December 2021 covering challenges and 2022 priorities
Following a great discussion about the major surveillance AI control gaps highlighted by JWG’s July research the FATF and BIS have both published complementary AI policy papers. With penalties of up to 6% of annual revenue 500 working days away, we have decided to build RegTech AI surveillance use cases to: Tease out the
Although no international guidelines on AI exist, the EU is way ahead in policy formulation with a very clear view of what good looks like. JWG research has revealed major control gaps to other jurisdictions and draconian penalties for those that don’t comply in 2023. In preparation, we will be developing detailed business use cases
Presentation from SIG meeting on 27 July to review updates to the trade surveillance regulatory agenda, review global artificial intelligence gaps and agree next steps.
JWG summarized regulatory 2021 reporting efforts and explained how there are both prudential/statistical ‘top down’ or more aggregated reporting (e.g., Risk, ESG) with the ‘bottom up’ more transactional data collection (e.g., EMIR, MiFID, CSDR). The RRDS agenda will seek to share lessons learnt across both types of regulatory reporting innovations this year. Though concepts have been proven and studies generally align, without a more concrete description of the future risk information system which extends today’s notion of ‘data’ to include ‘language’ regulatory data efforts will continue to cost tens of billions while failing to achieve their policy objectives.
Following our discussion of several global accountability regimes and forthcoming culture audits we are turning our attention back to AI. This is a very noisy space with Germany, UK, Japan and the US all mandating new controls in advance of MiFID III update which could raise the algo trading bar even higher. In this
JWG summarized regulatory 2021 reporting efforts and explained how there are both prudential/statistical ‘top down’ or more aggregated reporting (e.g., Risk, ESG) with the ‘bottom up’ more transactional data collection (e.g., EMIR, MiFID, CSDR). The RRDS agenda will seek to share lessons learnt across both types of regulatory reporting innovations this year
UK banks’ annual reports show an emerging understanding of operational resilience that emphasises business continuity planning and conflates pandemic performance with high operational resilience. Banks have asked regulators for more guidance on what they want operational resilience work to look like. That safe harbour will not be forthcoming, and firms need to work on evolving
In an increasingly digital sector with divergent rule sets, the ability to manage the global compliance deltas in complex senior management accountability rules is fast becoming a critical differentiator for senior management seeking to work across borders. As we summarized in our latest Beacon, JWG’s surveillance community has covered quite a patchwork of regulatory obligations
JWG’s 2020 research has found that the financial services market exhibits an ever-growing blind spot from technology risk which lurks off balance sheet. High profile outages like Google and Microsoft have underlined the issue for both the regulator and regulated this month. This point has not been lost on regulators who in the middle of
JWG is proud to announce the publication of a ground-breaking research report ‘Risk control for a digitized financial sector.’ The analysis identifies a large systemic technology risk blind spot which regulators must take the lead in addressing. JWG urges Financial Services regulators and firms to collaborate with technology firms on new RegTech standards in advance of cloud and data crises. The paper, which incorporates findings from JWG’s RegTech 2.0 conference and dozens of discussions with regulators, regulated and academia, builds on 10 years
How a firm manages data is now intrinsic to its value, yet the FS risk management framework provides no way to account for IT obsolescence, cloud concentration and data risks on the balance sheet. An explosion of advanced computing capability facilitated by cloud technology has provided massive benefits to both regulated financial institutions and their
The UK’s Prudential Regulation Authority (PRA) has commissioned 11 skilled persons reviews under Section 166 of the Financial Services and Markets Act 2000 into firms’ regulatory reporting in the last two quarters. The PRA commissioned nine prudential s166 reviews of deposit takers in the fourth quarter 2019/20 (December through February), according to publicly available information.
FS Compliance officers have been hit with an unprecedented deluge of 3,021 COVID-19 alerts 2 months into the pandemic, which JWG forecasts to be a total of 15,695 documents by year end. Regulators expect firms to be able to navigate these difficult circumstances while delivering fair outcomes for customers and complying with existing rules. That’s one of the clear messages in these 3,000 plus regulatory updates. Better RegTech tooling is
The past year has been illuminating for the RegTech market, the past twelve months has seen an increase in discussion on the application of technology to regulatory compliance. We have seen action from the regulators, including the FCA’s recent TechSprint in which we at JWG were involved, and major regulatory initiatives, most notably MiFID II,
This is the first in a series of occasional blogs we’ll be writing about what Brexit means for IT and IT Law in the coming weeks and months. It looks at the choices facing the UK IT industry around Brexit and Article 50. In the second, Deirdre Moynihan reviews what Brexit is likely to mean
In a week which has seen cyber-risk cement itself on the agendas of regulators across the world, we’ve witnessed action in the trading space with plenty of developments occurring in Europe’s markets in financial instruments’ overhaul, as well as a concerted effort to rethink the way in which regulations and regulators work in the financial services industry.
On 24 March, as part of the UK’s effort to set rules to transpose the Markets in Financial Instruments Directive (MiFID II), the Prudential Regulation Authority (PRA) set out its proposals in its first consultation paper. The application deadline for MiFID II/R has been delayed by one-year to 3 January 2018, with just the European
By Sam Tyfield, Vedder Price. Algo flagging is currently only the concern of direct members of German venues. But it’s going to have a much broader application under MiFID / MiFIR and become of concern to the buy-side too. Yesterday, the good Doctor Voigt of Fidessa published a blog about algo flagging. It is well worth
JWG analysis. While the US HFT debate rages and the FBI launches its investigations, Europe is quietly preparing to set a hard-hitting set of new rules for technical standards. When ESMA begins its consultation around MiFID II / MiFIR tech standards this summer, market participants will need to have their ducks in a row and
JWG analysis. Earlier this month, New York Attorney General (NYAG), Eric Schneiderman, set out his stall with a scathing attack on high frequency trading firms and their practices. Describing HFT firms as ‘parasitic’ and comparing their strategies to “Insider Trading 2 .0”, the NYAG’s statement would have been music to the ears of financial luddites
JWG analysis. When the requirement brought about by the German high frequency trading act to tag algorithms comes into force in April of this year, market participants may well feel hamstrung by the complexity of the regime. And while the regulatory goal of improving market surveillance and reducing systemic risk may be valid, some might