Having worked for Compliance Week for three years, I’ve always found it remarkable how compliance professionals can be so consistently upbeat about their plight.
A frequent refrain in compliance circles is “be comfortable with being uncomfortable.” As difficult as the job can be, that clearly doesn’t mean it can’t be fun. Whether they’re using “Star Wars” references in compliance training or sports analogies for how to respond in a crisis, compliance practitioners have a way of explaining extremely complex business dynamics in layman’s terms.
It’s why I love attending Compliance Week events. Especially in the work-from-home culture that many of us have thrived in, face-to-face interaction is fleeting. It’s likely a big reason behind calls for a return to the office, whether from big banks, big tech, or the new big boss in the White House.
With this in mind, join us Feb. 10-11 in Alexandria, Va., for Compliance Week’s Cyber Risk & Data Privacy Summit, returning in person for the first time since before the pandemic. The summit will bring together legal, compliance, and risk professionals to benchmark best practices on managing cyber risks and provide insights into the latest data privacy trends.
Here are five reasons I’m excited about the summit:
1. From the horse’s mouth
Getting clear guidance from regulators is always difficult, so what’s better than hearing advice right from the source?
Officials from the Securities and Exchange Commission (SEC), Financial Industry Regulatory Authority (FINRA), and Department of Justice (DOJ) will be on tap to provide much-needed transparency and clarity.
Greg Walters, an attorney in the SEC’s Office of Information, Technology, and Cybersecurity, will be joined by Avani Desai, CEO at Schellman, to discuss the pros and cons of standardizing cybersecurity measures across industries and ask an important question: Does one size fit all for cybersecurity controls?
Patrick Gushue, acting director at the DOJ’s pilot corporate whistleblower program, will speak as part of a session on the vital role cybersecurity whistleblowers play in corporate compliance. Gushue spoke in November as part of a Compliance Week webcast on how the pilot whistleblower program was shaping up so far.
2. Crypto clarity or consternation?
Jamie Udinson, senior director of Crypto Assets Investigations and the Cyber & Analytics Unit at FINRA, will speak during a panel about cryptocurrency regulation. She will be joined by David Adams, partner at Mintz, and Carlos Orozco, supervisory special agent and program manager in the Internal Revenue Service–Criminal Division–Office of Cyber and Forensic Services.
President Donald Trump has promised to wave bye-bye to many regulations and cut red tape, especially at the SEC. The day after he returned to office, the agency launched a Crypto Task Force to try and bring regulatory clarity to an industry that has so far been “conducive to fraud,” the SEC said in a press release.
However, while the agency under former President Joe Biden went after crypto firms that failed to register, or that engaged in outright fraud, there was never any detailed guidance on data privacy for digital asset systems. A researcher at the Federal Reserve Board did write a working paper for the Finance and Economics Discussion Series in September 2023 that touched on a possible solution.
“Specific combinations of privacy-enhancing technologies, such as fully homomorphic encryption, zero knowledge proofs, and secure multi-party computation, could provide a nuanced and novel approach to data privacy coverage across multiple tiers and use cases within a digital asset’s ecosystem,” wrote Jillian Mascelli, manager, technology research at the Fed.
3. Trump’s deregulation wave
William Nelson, director of public policy and associate general counsel at the Investment Adviser Association, will speak on a panel that will focus on how the Trump administration’s cyber policy will differ from that of Biden.
Under Biden, the SEC punished firms that were breached in cybersecurity incidents for not properly addressing failures in their cybersecurity protocols that facilitated the breach. A high-profile case against SolarWinds, which was partially dismissed in August, centered around the argument that a company’s “system of internal accounting controls” includes cybersecurity controls.
Nelson told Compliance Week that the SEC under Trump will likely drop that part of future enforcement actions involving data breaches.
The agency will instead focus its attention on thwarting criminal hackers and making sure firms prevent future breaches, he said. The SEC will also potentially pay more attention to investor harm in areas like stolen/lost funds and theft of personal data.
Under Trump, the SEC could also pursue additional enforcement actions against firms that don’t properly destroy old data, allowing it to be accessed by bad actors or sold by unscrupulous vendors. Morgan Stanley was fined $35 million in September 2022 for decommissioning two data centers but not properly disposing of its computer servers and hard drives, which still contained personal data of customers.
4. Expert advice with a side of popular culture
Timothy Miller, lead compliance officer at Morgan Franklin, will speak at the summit about security breach best practices.
He told Compliance Week that conducting a business impact analysis can help provide insight into which systems are most critical and would materially impact a business if they went down.
Miller said during a security breach, in all the drama of business operations being shut down and sensitive data being held for ransom, it’s very much like an episode of “24,” which rose to popularity in the aughts for its real-time theatrics.
“What happens in the first 24 hours? It’s a vital thing to know that in advance,” he said.
5. Perfect space for mentorship, networking, professional development
Compliance Week events like our Cyber Risk & Data Privacy Summit give compliance professionals a safe space to talk about important issues facing their industry. All our sessions, including comments by attendees, are under Chatham House Rule, meaning everything is off-the-record unless the presenter or delegate gives express permission to be quoted.
We strive to provide mentorship between senior compliance practitioners and their more junior counterparts, which gives attendees looking for their next career move an idea of how to climb the ladder and the tools and knowledge they need to do it.