Public Safety committee  No, it's all right. I know the Department of Finance is working on a special paper right now on open banking both from a deployment regulation and a security standpoint. As Mr. Green said, to embed security from the outset will be important. The U.K. has already done quite a bit

Public Safety committee  It depends on what kinds of systems they are using. For example, there are private networks between the banks for SWIFT messaging, wire transfers and such, and then there are public networks for dealing with their customer bases. It depends on what criticality of asset they are

Public Safety committee  To reduce that is the goal. It's like coding a message when we used to send messages back and forth during the war in indigenous languages so they couldn't be read midstream. We do the same thing today. As a message is being sent through the wire, you try to keep it as decoded as

Public Safety committee  Sure, we try to focus on protecting data from end unit to end unit. While it's in transit, no one else should be able to read it. That is the goal, depending on whether people have the technology to be able to intercept and change and whatnot.... That is advanced technology. It i

Public Safety committee  Sir, I can take a first stab at it. There's not a great job done today of disclosing the nature of breaches in the general public. The banking group does share information in order to try to protect each other from getting hit by the same issue, but outside of that, that informa

Public Safety committee  The biggest issue they have is legacy sprawling systems, and proper hygiene over those systems is still extremely challenging. Security tooling doesn't really exist for a lot of older systems, where they have to build what we call a ring fence to protect that asset. It's still th

Public Safety committee  Yes. They would love to simplify that environment. It is challenging based on some of the old systems that are still required for the branch network and for other systems throughout their global network. It's certainly on their radar, but incredibly challenging and incredibly res

Public Safety committee  I'll add that the insider threat is the number one concern of most chief risk officers, because of the magnitude of the event when it occurs. You know, the Edward Snowden discussion comes up often in terms of national security. The idea that an insider has access to privileged in

Public Safety committee  I would say that they are investing heavily in protection in cybersecurity. There is brand and reputational risk. While in the community we talk about not competing on security itself, I believe the financial institutions do compete on customer trust. The biggest issue the finan

Public Safety committee  Third parties that service financial institutions are considered one of their greatest risks. The financial institutions develop a really strong security program but then can be weakened by an external party. Third party risk is something taken very seriously by the financial ins

Public Safety committee  I wouldn't say naive. I think we're a little bit more numb to cybersecurity events than other cultures. I think we're a little bit quicker to let it go. That would be my comment.

Public Safety committee  I can take that one. We do a technical review of most...in our community. It's a small community, so we benefit from the fact that we typically know someone who has worked with these individuals before. It's a plus and a minus, a pro and a con, but we often look at references an

Public Safety committee  Thank you for inviting us to this session to provide insights and field questions on cybersecurity in the financial sector. My name is Thomas Davies, and I am the National Financial Services Cybersecurity Leader for EY in Canada. I'm also a special adviser for financial crime f