Agefi Luxembourg - avril 2025

AGEFI Luxembourg 44 Avril 2025 Informatique financière ByMaurice SCHUBERT, Cyber Partner &Yasser ABOUKIR,CyberDirector,DeloitteLuxembourg T he EuropeanUnion’sDigital Operational ResilienceAct (DORA) is reshaping the cyber- security landscape for financial institu- tions across the region.A regulation aimed at bolstering the digital operational resilience of all financial entities in the EUby harmonizing cy- bersecurity require- ments, DORAapplies not only to banks but also to insurers, invest- ment funds, payment institutions, and other fi- nancial service providers. Given Luxembourg’s prominent position as a global financialhub—hometoapproximately126banksand over 3.600 investment funds—DORA carries added significance, reinforcing the need for robust cyberse- curitymeasures. From boardrooms to security operations centers, or- ganizations are asking the same question: How can we ensure compliance, mitigate evolving cyber threats, andmaintain trust inour services? The need for advanced cyber testing Among the many requirements, DORA requires fi- nancial entities to establish robust operational re- silience programs, meaning they must demonstrate anabilitytowithstandandrecoverfromseverecyber incidents. Besides the obvious technological and op- erational cyber issues, failure to do so risks not only regulatory penalties but also reputational damage, whichcanbe far costlier in the long term.Whilevalu- able, traditional penetration testingno longer suffices on its own. Regulators and clients alike expect finan- cial institutions to simulate realistic, high-impact at- tacks that probe the entire defensive ecosystem. Increasinglysophisticatedattacksbywell-fundedcy- bercriminals and nation-state actors demand Threat- LedPenetrationTesting(TLPT),anadvancedsecurity testingthatsimulatesrealisticcyber-attacksusingtac- tics—often aligned with frameworks like MITRE ATT&CK—to assess not only the external perimeter but also internal detection and response capabilities. To conduct such testing, TLPT is divided into Cyber Threat Intelligence (CTI) andRedTeaming (RT). A key objective of TLPT is to capture the possible paths to compromise to production environments, which would not be identified in traditional tests where the nature and/or scope of the testing is con- strained in terms of targets, tactics, or environments. The CTI aims to evaluate the ecosystem into which the target entity evolves, and to identify the possible attackpaths.TheRedTeamingistheoffensivepartof theengagement,whereexpertswillattempttoimple- ment the scenarios definedbasedon theCTI. Moreover,testingisnotonlyfortheperimeterbutalso the ability of teams to detect and respond internally. Beyond meeting DORA’s Article 26 requirements, TLPTprovidesleadershipwithadata-drivenviewof potential business disruptions. Such exercises mimic genuineadversaries,usingadvancedtacticsandtech- niques used in actual breaches while remaining alignedwithestablishedsecuritytestingframeworks. Complexity and talent challenges ConductingTLPTandPurpleTeamingis notasimplecheckboxexercise.Itrequires professionalswhocombinedeeptechni- cal expertise such as ethical hacking, threat intelligence, incident response, withastronggraspofregulatoryandbusi- ness imperatives. Identifying real attack paths,analyzinghowtheyimpactcritical processes,andtranslatingthisinto practical remediation steps demands a rare blend of capabilities. Whilecybersecuritytalent is in highdemandworld- wide, Luxembourg faces additional competition from neighboring financial centers. Organizations often struggletoattractandretainin- dividualswhonotonlyunderstandreg- ulatory mandates like DORA but also possess the technical acumen to execute advanced testing. As a result,many in-house security teamsfind them- selvesoverwhelmedorforcedtochoosebetweenday- to-daydefenses and strategic, proactive initiatives. Purple Teaming: Closing the loop PurpleTeamingisacollaborativeapproachthatbrings together the offensive Red Team (attack simulation) andthedefensiveBlueTeaminreal-time.Ratherthan operatinginacompetitive“usvs.them”manner,both sidesworkinsynctoanalyzevulnerabilities,sharein- sights, and iteratively enhance securitymeasures. Thisengagementhelpsimprovedetectionthresholds, streamline incident response, and fine-tune security controls.Particularlywell-suitedforstrengtheningin- ternal teams, Purple Teaming increases operational security readiness against real threats. DORA underscores the need for ongoing opera- tional resilience rather than one-off tests. Purple Teaming fosters a culture of iterative enhancement: each test reveals gaps, which are quickly addressed and retested, building a cycle of sustained growth in cyber maturity. Preparing and running a TLPT Conducting a TLPT requires thoroughplanning and realistic scenario design. Begin by setting clear objec- tives that align with your organization’s risk profile. Startwithcomprehensivethreatintelligencegathering to identify relevant adversary tactics andpotential at- tack paths. Using this information, design tests that simulateactualthreatscenarios,ensuringthatbothex- ternal and internal vulnerabilities are evaluated. During theplanning stage, involvekey stakeholders todefine the scope andobjectives.Avoidoverlynar- row focus areas that may overlook critical vulnera- bilities, andmaintain clear communicationbetween testing teams and operational staff. Emphasize re- alistic conditions rather than idealized settings to uncover genuine risks. Once testing is underway, use red teaming to sim- ulate adversarial actions while assessing detection and response capabilities. Incorporate collaborative purple teaming sessions to integrate lessons learned and refine security measures. Common pitfalls in- clude relying on outdated intelligence or restricting test parameters too tightly, which can undermine the exercise’s effectiveness. By following these guidelines and avoiding common mistakes, your TLPT can deliver actionable insights that enhance cyber resilience and better prepare your organiza- tion against evolving threats. In closing Adapting to DORA’s rigorous requirements is both a challenge and an opportunity. The combi- nation of TLPT and Purple Teaming offers a pow- erful way to demonstrate real resilience and maintain stakeholder trust. While the talentmarket and technical intricaciesmay appear daunting, a well-planned, iterative approach ensures that Luxembourg’s financial institutions re- mainattheforefrontofcybersecurity,readytoprotect critical assets in an ever-evolving threat landscape. Elevateyourcybersecuritystrategywithourcompre- hensiveThreat Intelligence and red teaming services, ensuring your organization remains resilient, agile, andprotected against ever-evolving threats. Leveraging threat intelligence-driven security testing to fortify cyber resilience M opso, a fast-growingReg- Tech startup specializing in anti-money laundering and financial crime prevention, has secured a €1million seed round. Founded in Italy andnowbased in Luxembourg at the Luxembourg House of Startups,Mopso is set to accelerate its growth and expand its impact in the financial sector. The capital increase was subscribed by Apside,ajointventurebyIntesaSanpaolo andZestS.p.A.,byFin+Tech,theprogram oftheNationalNetworkofAcceleratorsof CDPVentureCapital dedicated tofintech andinsurtechwithafollow-oninvestment andanadditionalinvestmentfromCentro Istruttorie, a company part of Moltiply Group. The round also sawthe participa- tionof several business angels. Mopso was founded inMilan in 2021 by two experienced founders, an ex-Banca d’Italiaanalyst(AndreaDanielli)andase- rial entrepreneur (Enrico Fagnoni), in order to offer banks andfinancial institu- tions a modular software platform for money laundering prevention. Mopso’s products leverage the semantic web anddigital identity to simplify com- pliance processes. Specifically, Brain soft- ware identifies suspicious transactions and high-risk customers by integrating millions of internal data from enriched sources, along with datasets and Open Source Intelligence, while its algorithms conductriskprofilesearchesandnetwork connection analysis. Amlet makes due diligence data “portable” and reusable within an ecosystem of intermediaries after translating it into verifiable creden- tials.Theonboardingproceduresaresim- plified and prepared for the adoption of the EuropeanDigital Identitywallet. Followinga strongdomesticmarket val- idation in its initial years of operation, and after being selected by Italy’s presti- gious Fin+Tech Private/Public Venture Accelerator, the company strategically extended its presence to Luxembourg— one of Europe’s leading financial hubs. Mopso secured a place in the country’s premier national accelerator, FIT4Start, under the High-Performance Comput- ing (HPC) category, marking a pivotal step in its growth journey. Over the course of six months, Mopso actively engaged with key players in Luxembourg’sfinancial ecosystem, lead- ing to its incubation at the Luxembourg Houseof Financial Technology (LHoFT), the country’s principal innovation hub for financial services. The company fur- ther strengthened its involvement in the local fintech sector, gaining recognition from the Association des Compagnies d’Assurances et deRéassurances (ACA), Luxembourg’s professional association of insurers andreinsurers.As a testament to its innovative approach, Mopso was selected as a finalist in the 2024ACA In- novationAwards, highlighting its contri- bution to the domestic market. Amajor milestone inMopso’s expansion efforts came inNovember 2024when the companyreceivedasignificantgrantfrom Luxembourg’s Ministry of the Economy and the Luxembourg National Research Fund (FNR) under the Joint Call HPC (High-Performance Computing) pro- gram, in a call togetherwith the LIST. This recognition underscored the confi- dence of Luxembourg’s key stakehold- ers in Mopso’s technology and will support the development of its ground- breaking project, PAMLA. Designed to revolutionize anti-money laundering (AML) practices in the financial sector, PAMLA will leverage advanced com- puting power, LIST’s competences in data analytics andMopso’s technical ex- pertise to enhance financial security and regulatory compliance. “The quality and weight of the investors confirm the value of our project. We are already working to create the right com- mercialandindustrialsynergies,wehope to strengthen our research and develop- ment activitieswith the support of strate- gic partners. With the Moltiply Group ecosystem, we already seemultiple areas for concrete collaboration”, said Andrea Danielli, CEOofMopso. ArmundiaGroup and Mopso join forces Mopso has also announced a strategic partnership with Armundia Group, a global tech company specializing in ICT solutionsforbanks,insurers,andfinancial advisors, to establish a strategic partner- ship in Italy andabroad. Both companies, LHoFTmembersfromItaly,operatefrom LHoFT’s facilities inLuxembourg. Thegoal of this partnership is to combine expertise and key strengths to provide banks, asset managers, investment man- agers,wealthmanagers,familyoffices,in- surance companies, and intermediaries with integratedend-to-end solutions that streamlineonboardingprocesses,incom- pliance with Anti-Money Laundering regulations, and ensure the Know Your Customer process is fullyautomatedand always up to date. The synergy will un- fold in the domestic market through the parent company Armundia Group and internationally through the subsidiaries Armundia Luxembourg and Armundia UnitedKingdom. ArmundiaGroup’ssolutionforthefinan- cialindustry,Armundia3SIXTY,isamod- ular framework of AI-based applications andnext-generationend-to-endplatforms designed to be scalable and easily inte- grated with existing infrastructures. Amongthemostinnovativesolutions,Ar- mundia3SIXTYAdvisoryhasbeendevel- oped for financial and wealth advisory and represents the newfrontier ofWealth Tech. The platformfocuses onhyper-per- sonalisation of service and integrated managementoftheentirewealthportfolio, thanks to powerful calculation engines, highlyaccuratepredictivemodels,andad- vanced immersive data reporting tools. “In the current context of the digital transformation of the banking system, it is key to adopt next-generation applica- tions that foster incremental andharmo- nious innovation of IT infrastructures. Through this approach we enable the entire ecosystem to evolve, improving security, transparency, speed, and effi- ciency with direct benefits for the end customer. We are proud of this partner- ship and are already working on our first joint projects”, said Gianluca Berghella, CEO of Armundia Group andArmundia United Kingdom. “In the context of Luxembourg, adopting high-security standards is an essential re- quirement,nowmorethanever.Inamar- ketregulatedbystrictstandards,ensuring maximum compliance not only protects the trust of investors and institutions but also strengthens Luxembourg’s role as a leadingfinancialhubinEuropeandglob- ally”,concludedPaoloMaceratesi,CEOdi Armundia Luxembourg. More info :https://www.mopso.eu/ ; https://armundia.com/ The RegTech startup Mopso closes a €1M seed round from left to right: Paolo Maceratesi (Armundia Luxembourg), Gianluca Berghella (Armundia Group), Andrea Danielli (Mopso)