Case Study

Enhancing cybersecurity by reducing complexity for an entire industry

The financial services sector has a more detailed appreciation of risk and compliance than many other industries, and in a strictly regulated environment, it is critical that companies stay abreast of regulatory and technological developments.

The Challenge

Across the industry, financial institutions and insurance companies were diverting critical human and financial resources away from preventing cyber threats in order to manage burdensome compliance requirements. This complicated regulatory environment resulted in inefficiencies, lost time, and substantial financial impacts for financial institutions. According to the Banking Policy Institute, one chief information security officer indicated that his team lost 40% of their time reconciling various cybersecurity and regulatory frameworks. BCG Platinion was brought in by a global coalition of 150 companies to develop the architecture of a unified cybersecurity framework that would improve cybersecurity outcomes while reducing costs.


The Approach

Working with BITS, the technology division of the Banking Policy Institute, and a coalition of over 150 financial services institutions, BCG Platinion developed the Financial Sector Cybersecurity Framework Profile, which harmonizes and consolidates regulatory requirements. The project began with exhaustive reviews & analyses of disparate regulations & frameworks to create a single harmonized taxonomy & lexicon. Based on this insight, BCG Platinion provided technical thought leadership to the industry to achieve critical business & cybersecurity objectives while reducing costs. The process took 18 months and involved over 40 working sessions with more than 300 individual experts. Participating organizations ranged from community banks and credit unions to large multinational banking, investment, and insurance firms.


The Impact

  1. Created a flexible framework for companies of all sizes & complexities
  2. Saved financial institutions countless hours and compliance costs
  3. Addressed 80% to 90% of regulatory requirements, providing regulatory evidence to be shared among multiple regulators


Looking Into the Future

The profile now allows institutions and individual regulators to focus on the core elements of their cybersecurity risk-management missions, and it eliminates the need to “reinvent the wheel” for every new rule. It is expected to address regulatory requirements at any given point in time, providing for a single set of regulatory evidence to be shared among multiple regulators. In this way, it frees regulators and companies to focus on the areas of the greatest priority and need.


More to Explore

Enabling the e-Mobility Evolution in Energy

In 2021, the EU Commission presented the Fit for 55 proposal. This ambitious, comprehensive set of climate policies has been compiled to ensure that a 55% reduction in greenhouse gas emissions is achieved by 2030. The EU successfully reached agreements on the proposal’s key policies, including the goal that only zero-emission cars will be sold from 2035 onwards. Meeting the 55% GHG reduction target will be a crucial milestone on the journey to achieving Net Zero by 2050, and organisations are eager to maintain momentum. Recognising the challenging nature of these targets, a multinational utility company that offers B2B and public charging services faced a key question. The organisation wanted to understand whether its proprietary B2B charging platform would be able to scale to handle the anticipated increase in B2C charging customers.


Teaming Up For Disaster Mitigation

Everybody is feeling the impact of climate change on the environment – for instance, in the form of dramatic natural disasters in areas that were previously rarely affected. As such, a catastrophic natural disaster in the heart of Europe has severe consequences, including loss of lives and livelihood. BCG and BCG Platinion were immediately on hand to enhance resilience in a European region hit by the worst catastrophe in its recent history. The team worked with passion and deliberation to develop a sustainable and resilient concept to better deal with similar situations in the future.


The Core & Beyond - A Tailor-Made Transformation

Replacing or keeping the legacy Core Banking System (CBS) is one of the most fundamental decisions for a financial institution to make. This strategic bet should be carefully evaluated, with three key aspects in mind: a clear view on the entire IT platform (wider than legacy CBS and its constraints), a strategic vision set within a specific time horizon, and the return on investment. For organizations with a burning platform, CBS replacement may be a necessity, but in many cases the real investment potential is located elsewhere – in areas such as data platforms, integration layers, portals, or process engines. This alternative approach leads to numerous non-trivial questions: Where does the value come from? Is legacy the real issue? Which areas to reinforce and in which order?
