Canadian RegTech Association
  • Home
  • Accueil
  • Leadership
    • Strategic Advisors
  • Direction
    • conseillers strategiques
  • Join
  • Adhésion
  • RegTech Directory
  • News
  • Nouvelles
  • Events
    • Past Events
  • Blog
  • Blog_FR
    • Pleins Feux sur les Members
  • Contactez nous
  • Événements
  • Media Library
    • Sponsor Videos - Annual Event
  • RegTech Round Up
  • Resources
    • AI paper - Moving Beyond Principles
    • ESG Paper --Canada's position in the Global Movement
  • RegTech Member Profiles
  • Firm of the Month
  • Contact Us

Fairness, Explainability and Transparency: What’s The Latest on AI in RegTech?

4/6/2022

0 Comments

 

An introduction from Matt Fowler, Board member of the CRTA

Picture
Following our November event where I was privileged to host an engaging panel of experts, representing a variety of industries, the team at Canadian RegTech have continued to partner with our member firm InvestNI (Investment Northern Ireland) as well as the various RegTech companies they represent. Here, as a follow on to the session, Dr. Fiona Browne talks about the focus that Datactics is putting on explainability and transparency as well as the need to develop a strong MLOps (Machine Learning Operations) framework, as use of data and the advanced algorithmic techniques associated develop at pace. 

 Dr. Fiona Browne, Head of Software development and ML at Datactics 

Datactics develops market-leading data quality technology from its base in Belfast, Northern Ireland. Our 60-strong firm provides user-friendly solutions across all industries, particularly for banks and government departments who are saddled with very large, messy data often in multiple platforms and silos and have a wide array of evolving regulations to demonstrate compliance with. In the last three years we have focused on augmenting our technology with machine learning and AI techniques. This approach is accelerating the level of data quality operations automation and prediction, with full explainability. 
  Although we are at the nascent stages of production AI, there are green shoots of good practice across the MLOps environment, especially in the areas of fairness, explainability and transparency. 

Fairness 
 For example, definition of fairness metrics to measure potential bias in AI datasets have been proposed by the likes of Microsoft (AI Fairness Checklist) and IBM (AI Fairness 360). Based on these metrics, practical steps can be taken to address issues such as balancing a dataset and penalising a bias at the algorithmic level, through favouring a particular outcome post-processing.  




Read More
0 Comments

We Are Hiring - Part-time Membership Co-ordinator

10/5/2021

0 Comments

 
​ABOUT THE ROLE:
 
This role will require approximately 10 hours per week with flexibility to set the day(s) on which the work will be carried out. There is an opportunity for this position to expand into a more substantive role as the association continues to grow and the successful candidate demonstrates value add to the Membership, Advisors and Board.
You will act as a liaison between the association and our member and advisor communities.  
More Details
0 Comments

disaster recovery Compliance in the cloud, Part 2 - Structured approach

9/24/2021

0 Comments

 
Picture
Compliance in the cloud is fraught with myths and misconceptions. This is particularly true when it comes to something as broad as disaster recovery (DR) compliance where the requirements are rarely prescriptive and often based on legacy risk-mitigation techniques that don’t account for the exceptional resilience of modern cloud-based architectures. For regulated entities subject to principles-based supervision such as many financial institutions (FIs), the responsibility lies with the FI to determine what’s necessary to adequately recover from a disaster event. Without clear instructions, FIs are susceptible to making incorrect assumptions regarding their compliance requirements for DR.
In Part 1 of this two-part series, I provided some examples of common misconceptions FIs have about compliance requirements for disaster recovery in the cloud. In Part 2, I outline five steps you can take to avoid these misconceptions when architecting DR-compliant workloads for deployment on Amazon Web Services (AWS).

Authored by: Dan MacKay, FS Compliance Specialist, AWS
Read More
0 Comments

Disaster Recovery Compliance in the cloud, Part 1, Common Mis-conceptions

9/24/2021

0 Comments

 
Picture
Compliance in the cloud can seem challenging, especially for organizations in heavily regulated sectors such as financial services. Regulated financial institutions (FIs) must comply with laws and regulations (often in multiple jurisdictions), global security standards, their own corporate policies, and even contractual obligations with their customers and counterparties. These various compliance requirements may impose constraints on how their workloads can be architected for the cloud, and may require interpretation on what FIs must do in order to be compliant. It’s common for FIs to make assumptions regarding their compliance requirements, which can result in unnecessary costs and increased complexity, and might not align with their strategic objectives. A modern, rationalized approach to compliance can help FIs avoid imposing unnecessary constraints while meeting their mandatory requirements.
In my role as an Amazon Web Services (AWS) Compliance Specialist, I work with our financial services customers to identify, assess, and determine solutions to address their compliance requirements as they move to the cloud. One of the most common challenges customers ask me about is how to comply with disaster recovery (DR) requirements for workloads they plan to run in the cloud. In this blog post, I share some of the typical misconceptions FIs have about DR compliance in the cloud. In Part 2, I outline a structured approach to designing compliant architectures for your DR workloads. As my primary market is Canada, the examples in this blog post largely pertain to FIs operating in Canada, but the principles and best practices are relevant to regulated organizations in any country.

Author: Dan MacKay, FS Compliance Specialist, AWS
Read More
0 Comments

AML foR real Estate and Crypto Currency

8/10/2021

0 Comments

 
Picture
Sionic Opinion piece that takes a look at FINTRACs new regulations for real estate and cyrpto currency and how to protect your firm through an effective AML/ATF program and instill confidence. 

By: Tara Rodgers, Director, Sionic
Opinion
0 Comments

What Is entity Resolution? And How does it Turn data into business Value?

4/1/2021

0 Comments

 
Picture

Guide to entity resolution by member firm Quantexa​
Read More
0 Comments

Member Firm ARCTIC Intelligence Wins Global REgTech Award

4/1/2021

0 Comments

 
Picture
Global financial institutions have an immense challenge to be able to ensure that they are operating in compliance with a multitude of jurisdictional specific privacy regulations  as it pertains to data access and data usage by their internal employees.
Understanding the regulations pertaining to
data privacy and usage and how they intersect with AML programs is something that our Canadian RegTech Association member firm Arctic Intelligence has invested heavily in.

We extend our Congratulations to Darren Cade & Rose Davitt & colleagues on being recognized by A-Team Group as ‘Most  Innovative Data Privacy Project by Design 
​

Read More
0 Comments

Canadian privacy law 2.0: Artificial intelligence (AI) and Bill C-11, the Consumer Privacy Protection Act

1/5/2021

1 Comment

 
 and In a recent announcement, the Canadian federal Privacy Commissioner of Canada (“OPC”) released a report containing recommendations on how AI should be treated under Canadian privacy law, and what protections need to be in place to ensure AI applications reach their potential without negatively impacting privacy rights of Canadians. The report entitled “A Regulatory Framework for AI: Recommendations for PIPEDA Reform” is the result of the consultations with stakeholders earlier, as discussed in our previous blog article, earlier in the year. The Commissioner received 86 submissions and held two in-person consultations.
Almost concurrently, on November 16, 2020, the federal government announced a tabling of legislation that will overhaul Canadian privacy law, namely, Bill C-11, “An Act to enact the Consumer Privacy Protection Act and the Personal Information and Data Protection Tribunal Act and to make consequential and related amendments to other Acts.” We reported on Bill C-11 and the proposed replacement of Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”), being the Consumer Privacy Protection Act, in our first article in a series on the potential impact of Bill C-11. The Commissioner released a statement shortly after Bill C-11 was announced, commending many of the proposed changes, such as increased enforcement and order-making powers, but Commissioner Therrien also voiced significant concerns. In particular, the OPC is concerned with how the new law does not place privacy rights in the context of individual and human rights and fails to entrench it as such in the proposed Bill C-11.

This article was written by Myron Mallia-Dare and David Krebs from Miller Thompson LLP and published in Lexology on December 7, 2020. Myron is an advisor to the CRTA.
Read More
1 Comment

Future Ready - the impacts of Third party supplier risk

8/20/2020

0 Comments

 
​In the final blog of our Cyber Series, in partnership with Cube Global Vignesh Krishnamoorthy, explores the third-party risks presented by the ‘new normal’.

Work from anywhere. Cyber everywhere.
The COVID-19 pandemic forced business leaders worldwide to respond with unprecedented speed and efficiency to the new ways of working,  innovating, responding, collaborating, transacting… and surviving. Now, as organizations begin to plan for a post-pandemic world, they must ask themselves, “how can we make new ways of work productive, sustainable, secure, and safe?”

As COVID-19 spread from person-to-person, country to country, and beyond, Cyber delivered the integrity and availability of the networks needed to “work from anywhere” and the confidentiality to transact and transform with confidence across geographies.  For the world to continue to thrive in this new remote and virtual environment, even as COVID-19 wanes and surges in various regions, organizations will need to:
  • Establish a foundation of trust,
  • Adopt a “Cyber Everywhere” mindset,
  • Embrace a culture of perpetual resilience,
  • And lead from the front.
Many organizations already have determined they will never return to “business as usual” or “business before COVID” because they have seen increased productivity from allowing employees to work from home and they want to lock in those benefits. However, to thrive in this next normal, organizations need a sound strategy for managing Cyber risk. A “Cyber Everywhere” mindset is required. It means understanding the pervasiveness of Cyber and meaningfully embedding it in innovation, strategy, and process to ensure that Cyber enables the success of every initiative, allowing organizations to move more quickly, effectively, and securely.

Within every industry, organizations face challenges to both support their remote workforce and rapidly adopt online services and customer support channels. To address these challenges, organizations may now rely more on suppliers that provide remote access technologies or support essential services. However, the supply chain also introduces increased risk to these organizations as they serve as an extension of their operations.

Organizations need to understand the full landscape of risk third parties pose including, but not limited to, reputation, business continuity, financial viability, and privacy. From a Cyber risk specific lens, suppliers that lack the appropriate security controls for remote work expose their clients to Cyber-attacks that could compromise data or create system downtime, resulting in operational disruption and financial loss.

To reduce risk exposure from the supply chain, organizations must enhance existing risk frameworks to assess suppliers from a remote risk perspective. Clients should focus on the following three principles to ensure risks in their supply chain are effectively mitigated.
  1. Identify and re-prioritize critical suppliers.
    The massive shift towards remote working requires organizations to prioritize suppliers that have a direct connection into their environment or provide a critical process for their operations. Suppliers that connect directly to any infrastructure should be assessed to verify that their security controls protect their remote workforce and do not create any additional risks for the organization. The suppliers an organization may have de-prioritized due to the lack of strong organizational controls may now be at higher risk as those controls are no longer enforceable and controlled by the parent organization.
  2. Accelerate the review of critical suppliers.
    With the changing risk landscape post-COVID-19 – organizations have accepted a degree of risk with the shift to employers and suppliers remotely working from home.  It is recommended that organizations accelerate the review of these critical suppliers. Focus and priority should be put on suppliers at the top of the revised prioritized risk ranking as this will help the organization get a more accurate view of its supplier risk.  This would also be a good time to catch up on the backlog of suppliers that may not have been assessed in a timely manner – particularly if they have been prioritized as a higher risk.
  3. Enhance the supplier risk frameworks.
    Organizations should anticipate key entities within their supply chain establishing a permanent remote working environment as organizations observe continued productivity and lowered costs. Through its key clientele in all key industries, Deloitte anticipates a shift towards permanent remote working for a majority of the organization’s employees. Organizations can use the shift towards remote working as an opportunity to enhance their supplier risk frameworks and establish a methodology that considers risk associated with remote working at the forefront. In doing so, they can take a proactive approach to their risk management by anticipating a future state of work where the majority operate remotely.
Accelerating security imperatives of the future

As we are experiencing changes in our societal values, how businesses operate, and what customers demand, many leaders are thinking about the longer-term impacts of the pandemic and how their organization can achieve results in the future. In this new reality, organizations will serve customers differently, engage their workforce through evolving delivery/employment models, and face an increasingly complex threat landscape – and businesses have the opportunity to use cyber as a strategic differentiator to create a resilient enterprise of the future.

Ask the experts​ On 25th August, the CRTA and CUBE will be hosting an audience-led roundtable discussing the new normal for cyber.
  1. Register for the roundtable
    If you’ve got a question for Vignesh or any of the other experts, please use the link below to submit it.
    Ask a question
0 Comments

Future Ready - The Human Element of Cybersecurity

8/12/2020

0 Comments

 
​
​As an International Web Scientist, I can tell you that by the end of 2019 over 50% of the world was online, over 4 billion people. The global online community has been increasing approximately 10% per year since 2005. The world wide web is a fabric of permanence which technology has been leveraging to connect the world, the so-called globalisation of our society. This technical revolution has benefited every connected person based on their use of the technology. However, it has its dark side.

Based on an IBM survey, 77% of all organisations are not prepared for a Cyber Crisis. Insider threat is still a real risk, and we have come to associate this risk with exposure of personal data.

Based on 2019 data exposure report, 69% of companies admit that employees and contractors were the source of the leaks, obviously these were not predominantly malicious.
​
As part of the ITU survey for 2019, in 40 of the 84 of the countries less than 50% of the population has basic computer skills. It may surprise you to know that basic digital skills were considered by ITU to be whether staff could copy files or use email.

Read More
0 Comments
<<Previous

Home

Privacy Policy

Contact us

Terms of Use


© 2019 L’Association canadienne de la technologie réglementaire
  • Home
  • Accueil
  • Leadership
    • Strategic Advisors
  • Direction
    • conseillers strategiques
  • Join
  • Adhésion
  • RegTech Directory
  • News
  • Nouvelles
  • Events
    • Past Events
  • Blog
  • Blog_FR
    • Pleins Feux sur les Members
  • Contactez nous
  • Événements
  • Media Library
    • Sponsor Videos - Annual Event
  • RegTech Round Up
  • Resources
    • AI paper - Moving Beyond Principles
    • ESG Paper --Canada's position in the Global Movement
  • RegTech Member Profiles
  • Firm of the Month
  • Contact Us