The rapid pace of digital transformation has unleashed a high volume of cyberthreats. This has made cybersecurity and compliance a top priority for CXOs, and made it critical for businesses to have a cyber-regulatory compliance roadmap in place. To address this, Birlasoft Ltd, part of the $2.4 billion diversified CK Birla Group, has partnered with a startup named Regulativ.ai to co-develop a new AI/ML-based cyber-regulatory reporting platform. The two companies said the co-developed platform will help regulated enterprises gain a deeper understanding of their cyber-regulatory compliance risks and provide them with actionable reports to mitigate risks and ensure compliance.
By Brian Pereira, Editor-in-Chief, CISO MAG
Speaking to CISO MAG, Shilpa Bhandari, SVP and Global Head – BFSI, Birlasoft said, “CISOs are looking for a view of their posture or the organization’s posture to cyber regulatory compliance requirements in various jurisdictions. The process today is highly manual and highly inefficient so rarely are they able to get a live view of where the organization is compliant and where there are gaps from a cyber regulatory perspective. This cyber-regulatory reporting platform, with its degree of automation and integration with various data sources, leverages machine learning and digital technologies to give CISOs that view on a more current basis. This is going to help CISOs do action planning around gaps that they want to prioritize to address, to work with the CEOs and even the Board, to prioritize and seek more budgets.”
Bhandari said that the solution also includes an element of auditability.
“It is an online platform with the ability to look at all the data sources, internal and external, that are being used to provide this reporting to a Chief Compliance Officer or Head of Audit,” she added.
Solving a Major Pain Point
Jinal Shah, CEO, Regulativ.ai told CISO MAG that the cyber-regulatory reporting platform is solving many pain points for organizations.
“The fundamental pain point is inefficiency in organizations that are required to comply with the various statutory cyber regulatory & cyber audit and certification requirements. The inefficiencies are due to lack of collaboration between teams, lack of information, lack of data, or poor-quality data. Each CISO organization collects data from all manner of sources to put together a report for the regulator. It takes time to collect the data, sanitize it, verify it, and clean it. This could take anything between 500 – 600 manhours per assessment, per year,” said Shah.
Cyber-Regulatory Reporting Platform
Compliance has become a huge challenge for security teams when there are so many norms to follow and varying output formats. Manual processes cannot do justice. Static budgets mean security teams cannot be expanded. As if that wasn’t enough, the volume and variety of threats are increasing exponentially.
Shah also told us that this cloud-based solution uses an NLP engine to automate the extraction of entities from the questions in the policies published by regulators. It identifies key entities and keywords and generates data mappings with the organization’s data. In that sense, the solution creates a taxonomy of regulations that are fed to the NLP engine. He claims the overall automation can deliver efficiency gains to organizations of anywhere between 40% and 70%.
Regulativ.ai is a team of technologists with a collective 115 years of experience in banking and 30 years in AI and ML. Its technology platform caters to regulated sectors (Financial, Health care, Aviation, Defence, Non-profits), addressing increasing cybersecurity regulatory compliance challenges.
Regulativ.ai was recently selected as a member of global CYBERTECH100 2021, from a field of over 1,000 companies. CYBERTECH100 identifies the 100 most innovative global companies that every financial institution needs to know about when they consider and develop their information security and financial crime-fighting strategies.
Regulation in Multiple Geographies
The cyber-regulatory reporting platform can be adapted for use in various geographies to comply with local regulations. For now, Birlasoft wants to focus on North America and the English-speaking countries in Europe.
“We are starting with N. America and Europe. Within Europe, our presence will be in the four English-speaking economies, namely Germany, U.K., Switzerland, and France. But we also see many opportunities in Southeast Asia,” said Bhandari.
Shah says there are “no restrictions” in terms of what regulations can be covered within the cyber-regulatory reporting platform.
“We’re looking at various regulations around the world: the U.S. regulations (NYDFS, NFA, FINRA), the U.K. ones, Hong Kong, Singapore, India. All the regulations we see there are known standards. They are all structured differently because they expect a different response from each client — and the response itself is not structured correctly. The U.S., the U.K., and EU are seen as leaders in legislation and regulation policies. All the other OECD countries will typically look at those regulators and regulations to set the lead. So, it makes sense for us to tackle those jurisdictions first to get those regulations automated,” said Shah.
About the Author
Brian Pereira is the Editor-in-Chief of CISO MAG. He has been writing on business technology concepts for the past 27 years and has achieved basic certifications in cloud computing (IBM) and cybersecurity (EC-Council).