The Beyond Capture Podcast
Beyond Capture is a podcast by Umony, hosted by CEO Dean Elwood, exploring how firms can leverage the vast amounts of data they capture and transform them into a powerful asset.
Umony provides capture, archiving and AI-native surveillance solutions to help enterprises navigate governance and regulatory challenges. Featuring Chief Compliance Officers, regulatory compliance experts and industry leaders, we discuss how to move beyond data collection and transform compliance into a proactive and strategic function.
The Beyond Capture Podcast
Building Assurance and Resilience Across Suppliers
Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.
In this episode of Beyond Capture, Dean Elwood, CEO of Umony, speaks with Corinna Mitchell, General Counsel of Symphony, about supply chain risk, operational control and regulatory resilience in financial services.
The conversation examines how resilience obligations extend through the supply chain, the role of certifications such as ISO 27001, ISO 42001 and SOC 2, and why accreditation and verification of those certifications matter. Corinna explains how financial institutions assess control and security across vendors and subcontractors, how critical and important suppliers are identified, and how proportionality is applied in practice.
They also discuss regulatory expectations under DORA, where responsibility remains with financial entities, and how technology providers are preparing through contractual frameworks, governance and supplier oversight. The episode concludes with a look at how firms assess vendor risk, manage subcontractors, and present resilience and assurance in an increasingly complex regulatory environment.
Chapters:
00:00 Intro
01:15 Introduction: Off-Channel Communications in Finance
02:57 WhatsApp Fines & Regulatory Crackdowns
05:45 Data Privacy & End-to-End Encryption
08:09 AI, Analytics & Human Oversight
10:25 Explainability, Auditability & AI Risks
13:36 Certifications: ISO, SOC 2 & Trust Signals
16:51 DORA & Operational Resilience
18:34 Supply Chain and vendor risk
21:32 Certifications, Accreditation & Vendor Due Diligence
30:28 Cloud, Data Locality & Multi-Region Failover
37:55 Global Standards & Harmonisation Challenges
42:37 Product Vision – Analytics, Interoperability & Workflows
47:29 Identity, Trust & The Future of Communication
54:28 Outages, Geopolitics & Preparedness
59:09 Pen Testing, Red Teams & Cyber Defence
01:03:56 Closing: Practical Steps for Secure Communications
UKAS - United Kingdom Accreditation Service - https://www.ukas.com
UKAS Certcheck - https://certcheck.ukas.com
The UK National Cyber Security Centre (NCSC) runs CHECK, and publishes a directory of assured CHECK providers - https://www.ncsc.gov.uk/schemes/check/find-an-assured-check-provider
CREST positions itself as an accreditation body for cyber security service providers and maintains a searchable member directory - https://www.crest-approved.org/members/