The Institute of International Finance is the global association of the financial industry, with close to 500 members from 70 countries. Its mission is to support the financial industry in the prudent management of risks; to develop sound industry practices; and to advocate for regulatory, financial and economic policies that are in the broad interests of its members and foster global financial stability and sustainable economic growth.
The Capstone team will work with IIF to evaluate financial industry (predominately banks and securities firms) third-party vendors as a transmission channel for cyber risk and a potential risk to financial stability. Cloud computing companies will serve as a case study for this analysis. Vendor risks exist due to the fact that (most) financial firms are outsourcing their business and customer data to third party Cloud computing companies (“the Cloud”), especially the main players: Amazon, Google, IBM and Microsoft. Liaising directly with IIF's global membership to conduct primary market research, the team will provide a second level of analysis that would include determining how companies protect themselves against this “vendor risk” and how this is addressed from a regulatory or policy perspective.