Technology Record - Issue 30: Autumn 2023

FEATURE Microsoft executives Anu Chawla, Dave Dadoun, Lisa Lee and Daragh Morrissey explain how cloud-based solutions and artificial intelligence are helping to combat the challenges of regulatory compliance and cybersecurity BY ALICE CHAMBERS Risingto the challenge There is significant regulatory growth in financial services. And financial services are among the most highly regulated industries. It is also a primary target for cyberattacks. So how can firms keep up with the evolving compliance and risk landscape, while also ensuring their systems are secure? “We understand that financial services are a highly regulated industry, and that regulatory compliance is foundational to building a cloud that meets industry needs,” says Dave Dadoun, managing director of global regulatory compliance and worldwide financial services at Microsoft. “This is why we have over 100 certifications and offerings that span different regions and verticals. We collaborate with financial services regulators and customers to consistently comprehend industry needs. Through a productive feedback loop, we incorporate such insights into our services to develop necessary capabilities. “As regulatory requirements continue to evolve, as seen with the regulations in Europe under the Digital Operational Resilience Act, we will persistently collaborate with the industry, regulators, and other relevant stakeholders to meet regulatory expectations.” According to Dadoun, recent regulatory developments have had profound implications for how financial firms procure, implement, and manage their services and technologies. Ultimately, these implications boil down to risk management, monitoring cloud services, and formulating prevention, detection and response strategies against potential threats. Microsoft Cloud has been designed to help firms address the dual challenge of compliance and cybersecurity. Microsoft Compliance Manager is a built-in tool that simplifies monitoring regulatory compliance and helps reduce risk. It accomplishes this by providing users with a score for their current data protection, based on standards from the International Organization for Standardization, the National Institute of Standards and Technology, and regulatory requirements such as the General Data Protection Regulation. It then identifies key areas for improvement and prioritises recommended actions based on their impact on risk. “ With Purview, banks possess the tools to enforce their data classification policies and ensure that sensitive customer data is categorised and protected” LISA LEE, MICROSOFT 130