Regulation gives structure and voice to security leaders: Darshan Chavan, CISO, Canara Robeco Asset Management Company

In an era where technology defines competitiveness, the financial services industry stands at the crossroads of innovation and risk. For Darshan Chavan, Chief Information Security Officer at Canara Robeco Asset Management Company, cybersecurity is no longer about checking regulatory boxes — it’s about embedding resilience into the organisation’s DNA.

“Many organisations still think that regulations are supposed to be a checklist,” he observes. “But when the regulator introduces new norms, there’s deeper reasoning behind it. Regulations exist to protect you from one aspect of risk — but true cyber resilience begins when you understand your own business, processes, and standard operating procedures, and align your controls accordingly.”

For Chavan, this is the essence of proactive cybersecurity — going beyond compliance to anticipate and neutralise threats. “Controls are just a preventive approach,” he explains. “You have to be proactive — dig deep into every single process, ensure it’s ...