About the FinCyber Strategy Project

In 2019, Carnegie’s Cyber Policy Initiative launched a project to develop an ‘International Strategy for Cybersecurity and the Global Financial System (2021-2024)’ released in November 2020. Most of the initiatives undertaken by governments and industry following the 2016 Bangladesh incident had been reactive lacking a more long-term, coherent vision for how to protect the financial system against cyber attacks. To make the sum larger than its parts, the Carnegie project built on existing efforts, identified gaps, and outlines a more comprehensive approach to maximize the impact of existing activities, strengthen the connective tissue between them, and to propose next steps. This includes outlining how emerging best practices and lessons learned could be internationalized and implemented.

An international advisory group provided input and feedback throughout the project in addition to Carnegie’s engagement with 200+ stakeholders and the partnership with the World Economic Forum established in February 2020.

The final report is available here.

The executive summary is available here.

Advisory Group

Lyndon Nelson

Lyndon Nelson has served as deputy CEO of the Prudential Regulation Authority since 2016, chairing the executive meetings on supervision, policy and risk issues. He is also executive director for Supervisory Risk Specialists and Regulatory Operations and a member of the Bank of England’s Executive Director Committee and Executive Risk Committee. Previously, Nelson was executive director for UK Depository Taker Supervision. His international commitments include representing the UK in the Basel Committee on Banking Supervision and he co-chairs the G7 Cyber Experts Group.

Paolo Ciocca

Paolo Ciocca currently serves as commissioner of CONSOB, the Italian financial services regulator. He is also a nonresident scholar in Carnegie’s Cyber Policy Initiative and focuses on the intersection of finance, security, and data economies. His interests include FinTech regulation, technological innovation in the financial sector (AI), cybersecurity of financial market infrastructures, and financial intermediaries. In his prior capacity, he acted as deputy director-general of the Italian security Intelligence Department, and oversaw the implementation of an Italian national cybersecurity strategy throughout the private, public, and research sectors.

Art Lindo

Arthur (Art) Lindo is the deputy director for policy in the Federal Reserve Board’s division of supervision and regulation. His principal responsibilities include overseeing the development and assessment of the effectiveness of Board regulations and policies affecting the financial services sector and coordinating the Board’s domestic and international regulatory programs. He also advises the Board on emerging policy matters that have implications for the supervision and regulation of the financial services sector. His various committee assignments currently include serving as the chairman of the Basel Committee’s operational resiliency working group.

Tobias Feakin

Tobias Feakin is Australia’s inaugural ambassador for cyber affairs. He leads Australia’s whole of government international engagement to advance and protect Australia’s national security, foreign policy, economic, trade, and development interests in the internet and in cyberspace. Feakin was a member of the Independent Panel of Experts that supported the Australian Cyber Security Review to produce Australia’s 2016 Cyber Security Strategy. Prior to joining government, he was the director of national security programs at the Australian Strategic Policy Institute from 2012 to 2016 and established the Institute’s International Cyber Policy Centre. He has also held a number of research and advisory positions, including with the Royal United Services Institute for Defence and Security Studies and the Oxford University Global Cyber Security Capacity Centre. Feakin holds an honors degree in security Studies and a doctorate of philosophy in international politics and security studies, both from the University of Bradford.

Tan Yeow Seng

Tan Yeow Seng heads the Monetary Authority of Singapore’s Technology and Cybersecurity Risk department which is responsible for cybersecurity strategy and policies for the financial sector, supervising financial institutions’ technology risk, and business continuity management. In November 2017, Tan was appointed as MAS’ chief cyber security officer (CCSO) whose role involves strengthening the cyber resiliency of MAS and the financial sector. In this role, he pursued a number of initiatives to uplift the cyber competency of the Singapore financial sector through the promotion of cyber threat information sharing and surveillance as well as cross border collaboration to combat cyber threats.

Jon Fanzun

Jon Fanzun is the special envoy for cyber foreign and security policy at the Federal Department of Foreign Affairs (FDFA). The office of the special envoy is responsible for the strategic and operational management and design of Switzerland’s cyber foreign and security policy. It deals with the challenges that developments in the digital world pose for Switzerland’s foreign and security policy. From 2012 to 2018 he was chief of staff of the FDFA (for two federal councillors). He also served two years as senior advisor to Federal Councillor Burkhalter at the Federal Department of Home Affairs (2010-2012). Prior to that he worked for the FDP - The Liberals (as group secretary). From 1997 to 2003 he worked at the Center for Security Studies at the ETH Zurich. He studied international relations and holds a PhD in political science from the University of St. Gallen (HSG).

Cheri McGuire

Cheri McGuire served as group chief information security officer at Standard Chartered Bank from June 2016 to December 2019. In this role, she regularly briefed the board of directors, executive team, and regulators on the cyber security risk posture of the bank. In addition, she successfully established a new global cyber risk management function for Standard Chartered, and developed a comprehensive, multi-year transformation and remediation program that was approved by the board. Prior to Standard Chartered, McGuire served for six years as vice president of global government affairs and cybersecurity policy at Symantec. McGuire also served in numerous positions at the U.S. Department of Homeland Security, including as head of the National Cyber Security Division/U.S. Computer Emergency Readiness Team (US-CERT). In 2017, the Monetary Authority of Singapore appointed her to its first International Cyber Security Advisory Panel. She also previously served on the Europol Advisory Group on Financial Services, the George Washington University Center for Cyber and Homeland Security Board, and the UK Cyber Defence Alliance Board. Previously, McGuire served on the World Economic Forum Global Future Council on Cybersecurity, the National Cyber Security Alliance board, and the Industry Executive Subcommittee of the President’s National Security Telecommunications Advisory Committee. She currently serves on the Board of Directors for Entrust Datacard Corporation and on the Executive Advisory Board of Tenable.

Natasha de Teran

Natasha de Teran is the former head of corporate affairs at SWIFT, a role in which she led SWIFT’s communications during the Bangladesh Bank cyber attack and the Belgium-based cooperative’s subsequent cyber-related communications. A published author, former journalist, trader, and broker, she has worked extensively across Europe, joining SWIFT in 2012 from LCH.Clearnet which she joined in 2009 as head of public affairs. De Teran is a former board member of the Information Technology Industry Council, the European Commission’s Payment Systems Markets Expert Group and served two terms on ESMA’s Post Trade Standing Committee.

Rahul Prabhakar

Rahul Prabhakar is a principal for security assurance at Amazon Web Services (AWS) focused on security assurance for financial services customers and regulators. He leads engagement with financial regulators globally on security, resiliency, and compliance. Prabhakar previously served as senior advisor for financial institutions policy at the United States Treasury Department, where he helped lead development of U.S. and international financial sector cybersecurity policy, including at the G-7 Cyber Expert Group. Prabhakar holds a doctorate in International Relations from the University of Oxford and a bachelor’s degree in government, magna cum laude, from Harvard University.

Valerie Abend

Valerie Abend is managing director at Accenture Security. As Accenture’s leader for both the North America Financial Services Cybersecurity and Global Cyber Regulatory Practices, Abend advises C-suite executives on how to manage cyber risk to enable new business strategies and remain resilient in the face of rapidly evolving threats. Previously, Abend served as the senior critical infrastructure officer for the U.S. Department of the Treasury’s Office of the Comptroller of the Currency. In this role, she conceptualized and led the U.S. Federal banking agencies’ cybersecurity and resilience strategy, reshaping the cyber supervision processes and examination policy, and the agencies’ interaction with law enforcement and the intelligence community. Abend was a managing director at Bank of New York Mellon and has served as a senior executive at the Federal Reserve Board and as deputy assistant secretary for critical infrastructure protection at the Treasury Department. Earlier in her career, Abend was an associate director at KPMG and on the staff of two congressional commissions studying internet policy issues. Abend has testified several times in front of Congress and is frequently quoted in media on cybersecurity issues. She currently serves as a member of the Monetary Authority of Singapore’s Cybersecurity Advisory Panel, as an advisor to the Board for the Financial Services Information Sharing and Analysis Center (FS-ISAC), and is a member of the Executive Women’s Forum. She also held prior positions on the White House’s Identity Theft Task Force, the Financial Services Sector Coordinating Council, the U.S. Chamber of Commerce Homeland Security Committee, and on the Board of Directors for the Internet Security Alliance.

Marc Philippe Radice

Marc Philippe Radice is the head of international affairs for the Zurich Insurance Group. At Zurich, he takes an end-to-end view of international policy development, encompassing financial regulation, supervision, and stability; cyber security/resilience as well as cyber underwriting and risk management; artificial intelligence, machine learning, and related data considerations; and sustainability. Previously, Radice worked at the Swiss Financial Market Supervisory Authority (FINMA), focusing on risk management, the post-financial crisis agenda, and, more specifically, “too big to fail” in insurance. From 2011-on, he coordinated and then headed FINMA’s delegation to the International Association of Insurance Supervisors (IAIS).

Jason Witty

Jason Witty is the global chief information security officer and head of cybersecurity & technology controls at JP Morgan Chase. He is a member of the firm’s Global Technology Operating Committee. In his prior role as chief information security officer (CISO) at U.S. Bankcorp, Witty provided singular accountability for all information security controls in the company. He also had responsibility for enterprise-wide customer authentication products as well as Internet and DDA channel fraud. Witty led multiple classified and unclassified sector-wide initiatives to upgrade the security posture for U.S. Critical National Infrastructure, including overseeing creation of industry-wide products for destructive malware best practices and utilization of clearances within the financial sector. Witty also serves as the chair of the Financial Services Information Sharing and Analysis Center (FS-ISAC) as well as previously served as the sector chief for financial services in FBI Chicago’s Infragard program.

Mark Morrison

Mark Morrison is senior vice president and chief information security officer for OCC, the world’s largest equity derivatives clearing organization. Prior to joining OCC in 2017, Morrison served as senior vice president and chief information security officer for State Street Corporation from 2013 to 2017. Previously, Morrison served as principal director to the deputy chief information officer for the U.S. Department of Defense (DoD). During this time, he provided leadership and oversight of the Defense Industrial Base cyber security threat information exchange program. Morrison worked for the Office of the Director of National Intelligence from 2009 to 2011. During this time, among other responsibilities, he served as the chief information security officer, leading the sixteen-agency U.S. intelligence community in the areas of information security policy and planning, systems security analysis, risk management, and implementing cyber security defense tactics, techniques, and procedures.

Sultan Meghji

Sultan Meghji is CEO of Neocova, a cybersecurity start-ups focusing on the financial sector. He is also a nonresident scholar in Carnegie’s Cyber Policy Initiative. His research focuses on the architecture of the global financial system, cyber and critical infrastructure security, and the impact of artificial intelligence and quantum computing. Meghji has served as an adviser to the U.S. Department of the Treasury, G7, Federal Deposit Insurance Corporation, Office of the Comptroller of the Currency, and the Federal Bureau of Investigation. He is a distinguished member of the Bretton Woods Committee and is a member of both the Forbes Technology Council and the Missouri Advisory Committee for the U.S. Global Leadership Coalition.

Ramy Houssaini

Ramy Houssaini is the global chief cyber and technology risk officer and group data protection officer for BNP Paribas. He is a member of the firm’s RISK Executive Board. Prior to his current role, Ramy served as the vice president of British Telecom in Europe, the regional head of the cyber practice for Accenture and as the vice president for global risk management at Visa Inc. He is a member of the G7 Cyber Security workgroup and also serves on the advisory board of several startups focusing on optimizing operational risks.

Jennifer Elliott

Jennifer Elliott is division chief of technical assistance strategy, monetary and capital markets at the International Monetary Fund. She plays a leadership role in the IMF’s cyber risk work program, building out a capacity development program launched in 2017, and will oversee a pilot to look at cyber risk supervision in the Financial Sector Assessment Program (FSAP) in two selected countries. Since joining the IMF in 2001 from the Ontario Securities Commission, she has been engaged in setting the IMF’s policy in financial sector issues and the dissemination of policy advice through capacity development and financial sector surveillance. Elliott is a contributor to the Global Financial Stability Report. She holds an undergraduate degree from the University of Toronto and a law degree from the University of Victoria, British Columbia.

Belisario Contreras

Belisario Contreras manages the cybersecurity program at the Organization of American States (OAS) and leads its cybersecurity capacity building efforts. In his role at the OAS, he has led the development of projects focused on building the cyber security capabilities in the Americas. These projects have ranged from policy development and implementation to technical capacity building. Contreras is currently the co-chair of the Global Future Council on Cybersecurity and member of the board of the Center for Cybersecurity of the World Economic Forum (WEF). He is also an Oxford University fellow. Prior to his current position, Contreras worked at the Young American Business Trust (YABT) and was a fellow of the Department of National Planning of Colombia. He holds a bachelor’s in business administration from the Universidad Francisco de Paula Santander, and a master’s degree in Latin American studies from the School of Foreign Service at Georgetown University, with a special focus on government and security. (Contreras is participating in his personal capacity.)

Cameron ‘Buck’ Rogers

Cameron ‘Buck’ Rogers is group head of resilience advisory function at HSBC. He joined HSBC in June 2019 from the Bank of England where he was chief information security officer and latterly chief security officer. At the Bank of England, Rogers designed the CBEST program, managed the second line risk functions covering cyber, physical, and BCIM, and supported the Prudential Regulation Authority with subject matter expertise relating to cyberspace. Before joining the Bank of England, Rogers held a number of senior leadership roles at the Ministry of Defence following a 15-year career in the Royal Navy. He holds a professorship in cyber security at the University of Gloucestershire, and in recognition of his contributions to the information security industry he was awarded a fellowship from the Council of Registered Ethical Security Testers (CREST).

Steven Silberstein

Steven Silberstein is president and CEO of FS-ISAC (Financial Services Information Sharing and Analysis Center). Most recently, he served as the COO of BlueVoyant, a cybersecurity company. Prior, he has held business and technology positions in the global financial services sector, including CEO of Sheltered Harbor (an FS-ISAC subsidiary), CTO/SVP of fintech provider SunGard, and managing director of Lehman Brothers. He is currently an adjunct professor at the Fordham University Gabelli School of Business, serves on the Rensselaer’s Lally School of Business Leadership Council, and is a development partner of the Acumen Fund.

Alois Zwinggi

Alois Zwinggi is a member of the Managing Board of the World Economic Forum and head of its Cybersecurity Center. Prior to joining the Forum in 2010, he worked with Swiss construction material producer Holcim for more than 20 years in various countries, including Mexico and Venezuela. Assignments included executive line management roles as well as corporate functions. He was educated at the University of St. Gallen and Harvard Business School.

Boris Ruge

Ambassador Boris Ruge is vice-chairman of the Munich Security Conference. He previously served as director for the Middle East and North Africa at the Foreign Office in Berlin, as German ambassador to Saudi Arabia, and as deputy ambassador to the United States. Apart from the Middle East, much of his career has been focused on security policy. Ruge did his graduate work at the University of North Carolina at Chapel Hill and the Bologna Center of Johns Hopkins. He was a participant in the 2005 course of the Royal College of Defence Studies in London.

Dmitri Alperovitch

Dmitri Alperovitch is the co-founder and CTO of CrowdStrike Inc. Alperovitch has significant experience working as a cybersecurity expert with all levels of U.S. and international policymakers, intelligence, and law enforcement agencies on analysis, investigations, and profiling of transnational organized criminal activities and cyber threats from terrorist and nation-state adversaries. He is a frequent speaker at military, intelligence, law-enforcement, academic, and security industry conferences. Alperovitch has published and given numerous talks on the contemporary issues in cybersecurity policy such as cyber deterrence doctrine, Chinese-sponsored cyberespionage, and the use of cyber weapons on the future battlefield. Alperovitch is frequently quoted as a cyber policy and cybersecurity expert source in national publications, including the New York Times, USA Today, the Washington Post, the Associated Press, and Reuters.

Lisa Monaco

Lisa Monaco served as homeland security and counterterrorism advisor to President Barack Obama from 2013-2017. In this role, she chaired the cabinet level homeland security principals committee and coordinated the federal government’s crisis management and response to cyberattacks, pandemics, and terrorist threats. Monaco also spent fifteen years at the Department of Justice, serving as a career federal prosecutor, and in senior management positions including at the FBI, where she served as chief of staff to then-director Robert S. Mueller, III, and helped him lead the FBI’s post-9/11 transformation. In 2011, she was confirmed as assistant attorney general for national security, the first woman to serve in that position. She oversaw all federal terrorism and national security prosecutions nationwide. During her tenure she made cyber threats a top priority and created the first nationwide network of national security cyber specialists. She is now a partner at O’Melveny & Myers and serves as co-chair of the firm’s data security and privacy group. She is also a distinguished senior fellow at New York University Law School’s Reiss Center on Law & Security and Center for Cybersecurity and a principal at WestExec Advisors. In addition, she is a member of the board of Accenture Federal Services; Cognosante LLC; and the nonprofit organization, Hostage US. She also co-chairs the Aspen Institute’s Cybersecurity Group, and she is a senior national security analyst for CNN. Monaco is a graduate of Harvard University and the University of Chicago Law School.

Juan Zarate

Juan Zarate is the chairman and co-founder of the Financial Integrity Network (FIN) and chairman of the Center on Economic and Financial Power (CEFP). He was previously the deputy assistant to the president and deputy national security advisor for combatting terrorism and was the first-ever assistant secretary of the Treasury for terrorist financing and financial crimes. He is a graduate of Harvard University and the University of Chicago Law School.

GOVERNMENT AND CENTRAL BANKS Lyndon Nelson, Co-chair of G7 Cyber Experts Group Bank of England
Paolo Ciocca, Commissioner of CONSOB CONSOB, Italy
Art Lindo, Deputy Director, Division of Supervision and Regulation Federal Reserve Board, USA
Tobias Feakin, Ambassador for Cyber Affairs DFAT, Australia
Yeow Seng Tan, Chief Cyber Security Officer MAS, Singapore
Jon Fanzun, Special Envoy for Cyber Foreign and Security Policy MFA, Switzerland
FINANCIAL INDUSTRY Cheri McGuire, (former) Chief Information Security OfficerStandard Chartered
Natasha de Teran, (former) Head of Corporate AffairsSWIFT
Rahul Prabhakar, Principal, Security Assurance Amazon Web Services
Valerie Abend, Managing Director, Financial Services Cybersecurity and Global Cyber Regulatory Practices Accenture
Marc Radice, Head of International Affairs Zurich Insurance Group
Jason Witty, Global Chief Information Security OfficerJP Morgan Chase
Mark Morrison, Chief Information Security Officer (and chair of the cybersecurity working group of the World Federation of Exchanges) Options Clearing Corporation
Sultan Meghji, Co-founder and CEO Neocova
Ramy Houssaini, Global Chief Cyber and Technology Risk Officer and Group Data Protection OfficerBNP Paribas
OTHER Jennifer Elliott, Division Chief, Technical Assistance Strategy, Monetary and Capital MarketsIMF
Belisario Contreras, Manager, Cyber Security Programme Organization of American States
Buck Rogers, Professor of CybersecurityUniversity of Gloucestershire
Steve Silberstein, CEO FS-ISAC
Alois Zwinggi, Member of the Managing Board and head of the Centre for CybersecurityWorld Economic Forum
Boris Ruge, Ambassador and Vice-ChairmanMunich Security Conference
Dmitri Alperovitch, Co-founder and Chief Technology Officer Crowdstrike
Lisa Monaco, Distinguished Senior Fellow New York University, Reiss Center on Law and Security
Juan Zarate, Chairman and Co-founder Financial Integrity Network

Carnegie Lead

Tim Maurer

Tim Maurer is director of the Cyber Policy Initiative and a senior fellow in Carnegie’s Technology and International Affairs program. He works on the geopolitical implications of the Internet and cybersecurity, with a focus on the global financial system, influence operations, and other areas of importance as actors exploit the gray space between war and peace.

In Partnership With:

More on Carnegie’s Fincyber Project

To protect the financial system against cyber threats, this project by Carnegie’s Cyber Policy Initiative provides innovative research, actionable policy proposals, and regular updates on key developments for decisionmakers in government and industry as well as other stakeholders.

Please note...

You are leaving the website for the Carnegie-Tsinghua Center for Global Policy and entering a website for another of Carnegie's global centers.