BoB tasks banks to reinforce cyber security
Isaac Pinielo | Friday October 13, 2017 12:37
In its latest banking supervision annual report, the central bank therefore tasked financial institutions to make efforts to tackle cybercrime, including enhanced risk awareness by the board and executive management, as well as strengthening of board oversight over cyber security risks.
It said cybercrime has the potential to undermine proper functioning of financial systems, adding that if the world’s financial systems fail to put in place cyber risk mitigation measures, the consequences could be far-reaching with adverse implications.
“These implications include loss or corruption of confidential and sensitive data, financial loss, either direct loss of revenue or indirectly through litigation and other legal costs, fines, reputational damage, and loss of business due to weakened confidence, material loss of shareholder value, and business disruptions due to compromised Information Technology (IT) systems,” said the reserve bank. For banks, BoB said, this could result in depositors being unable to access their funds on demand, creating mass panic and bank runs, thus threatening the existence of financial institutions and systems.
It further noted that the management and mitigation of cyber risk is a major challenge and requires significant financial, human and other resources.
“There should be an on-going dialogue about emerging trends and vulnerabilities, adequate investment in cyber security infrastructure systems and procedures,” the BoB said.
The central bank also called for the resources allocated to cyber security to be commensurate with the nature and complexity of an institution’s business activities and its strategic direction.
It said there is need to engage cyber risk specialists that can develop timely and customised solutions on the institution’s operating systems, business needs and organisational culture, and sectoral and regulatory collaboration and information sharing on cybercrime risks and threats. “Furthermore, it is crucial for the financial sector to work more closely with the telecommunications firms, Internet Service Providers (ISPs) and other vendors in tackling cybercrime,” said BoB.
The Central Bank said it is updating regulatory and supervisory frameworks aimed at addressing the cyber security threats, noting that banks are equally expected to clearly outline key areas of vulnerability.
In addition, the central bank has urged banks to develop cybercrime risk policy to strengthen the board’s oversight role of this type of risk, establish Computer Incident Response Teams (CIRTs) to monitor, detect, analyse and investigate cyber threats and cyber incidents.
Banks were also implored to ensure that appropriate reporting channels are made available to facilitate the reporting of incidents related to cybercrime to the reserve bank, other licensed banks and relevant law enforcement authorities in a timely manner.
“Each bank should have a system in place for recording, production and provision of statistical data on cybercrime and other related criminal activities to the Central Bank and relevant law enforcement authorities,” BoB said.
The apex bank encouraged domestic financial institutions to establish mechanisms to facilitate collaboration and work more closely with each other, the telecommunications industry, ISPs and other vendors so as to increase awareness of cybercrime.
In view of the serious threats posed by cybercrime, the BoB said it will continue to closely monitor developments in this area, and regularly engage the banking sector, as necessary.