Chapter 9 - Financial Services: Regulation Isn’t Enough


In a digital world where the number of targets ripe for hacking has grown exponentially, banks and other financial institutions remain a top target for cyberattacks, whether for financial gain, data theft, or retaliation. For nation-state adversaries or hacktivists, disrupting the financial services industry has the potential to grievously wound the global economy, given the interconnectedness and integrated nature of the society we live in today. This chapter underscores that regulation is not enough to address the growing threat to financial institutions. It outlines programs to improve identity verification and authentication protocols. It also underscores the need to streamline cybersecurity regulation to reduce burdens from duplicative or conflicting requirements that yield no tangible improvement in cybersecurity. The chapter concludes with a discussion of cyber law enforcement and the need to create international standards for cybercrime investigations and prosecution.

Combining Technology, Public Policy and Economics to Create a Sustainable System of Cybersecurity




Greg Montana, Chief Risk Officer, FIS

Greg Montana is the Corporate Executive Vice President and Chief Risk Officer for FIS Global. Previously he worked at Bank of America as senior vice president and senior operational risk executive; at PayPal as senior director of global risk operations; and at Lloyds Banking Group as director of operational, credit and compliance risk. Montana holds a master’s degree in business administration from the Wharton School of the University of Pennsylvania and received a bachelor’s degree from Boston College. Montana was an adjunct professor of risk management at Flagler College in St. Augustine for seven fall semesters (2013 – 2019) and received the Risk Management Association’s (RMA’s) Special Service Award in October 2012, the same year he joined FIS. He has also authored four articles in the RMA Journal.

Gary McAlum, Chief Security Officer, USAA

Gary McAlum is the Senior Vice President and Chief Security Officer at USAA. Prior to USAA, he served in the US Air Force for 25 years in a variety of staff and leadership positions within the information technology career field, including telecommunications, deployable and satellite communications, network operations, and information security, and on the front line of cyberspace operations for the Department of Defense. He holds a bachelor’s degree in Mathematics from The Citadel, a master’s degree in Management Information Systems from the University of Arizona, and a master’s degree in national resource strategy from the Industrial College of the Armed Forces. In addition, he is a Certified Information Systems Security Professional (CISSP) and a Certified Fraud Examiner (CFE).

Kenneth Huh, Global Head of Cyber Compliance, BNY Mellon

Kenneth Huh is the manager of the complete life cycle of cybersecurity risks for BNY Mellon. Prior to joining BNY Mellon, Huh was an advisor on information security strategies to Fortune 500 companies, Top 5 U.S. banks, and the U.S. Government. He holds a bachelor’s degree in business administration from James Madison University.

Tarun Krishnakumar, Private Practice Attorney

Tarun Krishnakumar is a private practice attorney. Previously, he was litigation counsel for the High Court of Delhi, Supreme Court of India and an associate of technology and regulatory affairs at Shardul Amarchand Mangaldas and Co. He has a Master of Law in national security from Georgetown Law and a Bachelor of Law and Arts from National Law School of India University.