Share these talks and lectures with your colleagues
Invite colleaguesPractice paper
Bringing the Cloud back to earth: Compliance, operational and security considerations
Journal of Securities Operations & Custody,
12
(4),
386-391
(2020)
Abstract
The benefits to be obtained for individuals, or small- to medium-sized businesses, of moving to a Cloud environment are numerous, say its advocates. But to focus solely on the benefits and to ignore the potential risks would be a mistake. In addition to all the benefits that may accrue to firms seeking to move into a Cloud environment, there are also several areas which may pose problematic or more complicated to resolve than a superficial contemplation would disclose. This paper explores the regulatory, compliance and operational issues that should be considered by investment management firms when contemplating the move to Cloud computing.
Keywords: Cloud; compliance; records; fintech; cybersecurity; regulation
The full article is available to subscribers to the journal.
Author's Biography
Lynne M. Carreiro joined the US Securities and Exchange Commission (SEC) as a Compliance Examiner in 2000, post graduation from Vermont Law School. In 2005, Lynne left the SEC to become a Principal Consultant with ACA Compliance Group (ACA). Over the next 15 years, Lynne provided a variety of compliance consulting services to investment management firms, both registered and unregistered. In January of 2013, Lynne relocated to the UK with the mission of refining and expanding the US regulatory consulting practice for ACA. While employed with ACA, Lynne was also responsible for oversight of the client facing educational programming, including ACA’s twice-yearly compliance conferences. Throughout her career, Lynne has been focused on providing thorough, relevant and reasonable advice to assist investment management firms with adherence to SEC regulations. Lynne is presently self-employed and continues to provide compliance and regulatory advice to the investment management industry.
David Holman joined ACA Aponix in September 2019. As a Senior Principal Consultant in the London office, David conducts cybersecurity risk assessments and provides other consulting services that help clients assess their security posture and protect themselves against cyber threats. In this work, David applies the broad range of cybersecurity experience — including his specialised knowledge in the areas of FedRAMP (Federal Risk and Authorization Management Program), ISO 27001 (International Organization for Standardization), PCI– DSS (Payment Card Industry Data Security Standards), and the GDPR (General Data Protection Regulation) — that he gained from his 20+ years working in the field across various industry sectors. Prior to ACA, David was Head of Information Security for Huddle, a FedRAMP, ISO 27001, and Cyber Essentials Plus-accredited Cloud-service provider. Before Huddle, he worked as a cybersecurity consultant for S-RM Business Risk and Intelligence, and as a PCI-DSS QSA (Qualified Security Assessor) for Trustwave, where he also served as the primary PCI consultant for Shell. Adding to his wide technical background is his extensive experience as the lead technologist for several five-star hotels in London. David also holds the Certified Information Systems Auditor and ISO 27001 Lead Implementer certifications.
