You are looking at 1 - 10 of 11 items for :

  • Type: Journal Issue x
  • Financial Economics x
  • Finance and accounting x
  • Technology, Engineering, Agriculture, Industrial processes x
  • Online Safety & Privacy x
  • Economic sectors x
  • Computing and Information Technology x
  • Information technology; Security measures x
Clear All Modify Search
International Monetary Fund. Monetary and Capital Markets Department
This technical note focuses on cyber and operational resilience, supervision and oversight in Iceland. The Icelandic financial sector has not experienced seriously disruptive cyber-attacks or operational issues in recent years, but threats are growing. Iceland’s dependence on international connectivity for both debit and credit card systems introduces a significant vulnerability into the payment system. There is no dedicated cyber security strategy for the finance sector. Operational risk experts in the Central Bank of Iceland (CBI) are experienced and well regarded by financial institutions, but more resources are needed to provide adequate coverage of this increasingly important area. The supervision of financial institutions’ cybersecurity is highly dependent on self-assessments by the regulated entities themselves and independent reviews carried out by third parties. CBI should regularly revise the list of critical operations and critical service providers for internal use and for presentation to the Financial Stability Committee and Financial Stability Council. CBI is encouraged to enhance its incident dashboard by summarizing cyber incidents and examining trends.
International Monetary Fund. Monetary and Capital Markets Department
This technical note evaluates strengthening cybersecurity in financial institutions of Trinidad and Tobago. The deliverables included a capacity-building seminar on regulation of cyber risk. The Central Bank of Trinidad and Tobago identified the need for filling regulatory gaps and desires to issue a focused guideline on cybersecurity covering governance, risk management, incident reporting, and cyber hygiene, and intends to develop a draft guideline for consultation with its regulated institutions in the first quarter of 2023. Supervisory arrangements for Information and Communication Technology/cyber risks need further improvements and resource constraints within Financial Institutions Supervision Department need to be addressed urgently. The Identity and Access Management project has been formally set up and is now in Phase 1, which is considered preparatory. The governance of the project, the high-level roadmap, and the deliverables for Phase 1 are generally in line with good practices. It is recommended to establish regular cybersecurity meetings and reporting regime at the Board level with the participation of the Head of IT Security.
International Monetary Fund. Monetary and Capital Markets Department
This technical assistance report discusses Cybersecurity Risk Supervision and Oversight in Sweden. Sweden’s financial sector is highly digitized and interconnected, and the related technological developments heighten cyber threats and vulnerabilities. Sweden is well-served with agencies engaged with cybersecurity, but the roles and responsibilities of each in respect to the cyber security of the financial sector should be clarified and barriers to sharing information resolved. It is important that the financial sector engages with and helps to shape the activities of the National Cyber Security Centre. Cyber incident reporting frameworks are in place, as are some, limited, information sharing for a, but there is still an appetite from financial institutions to receive more information on threats and incidents. Contingency plans and crisis protocols should be established for large-scale cyber-attacks affecting the Swedish financial sector. The Swedish authorities are advised to identify and address the barriers to information sharing between government agencies, the financial authorities, and the private sector.
International Monetary Fund. Monetary and Capital Markets Department
Mexico’s financial system is digitalizing rapidly, increasing exposure to cyber risk. As in other jurisdictions, internet and mobile banking users in Mexico have increased substantially, but cyber incidents have also surged in recent years. The tight interdependencies within its financial system, and beyond, make Mexico vulnerable to evolving cyber threats. Thus, the Financial System Stability Council (CESF) has recognized cyber as a risk with potential to impact financial stability.
International Monetary Fund. Monetary and Capital Markets Department
This Technical Note on Oversight of Fintech explains that Ireland’s fintech sector is growing in importance through the entry of innovative new players and digital transformation of incumbents’ business models and products. This note seeks to identify risks arising from fintech as well as policy responses by authorities. The Irish Government has adopted a Strategy implemented by annual action plans for the development of Ireland’s international financial services sector that includes several initiatives of relevance to fintech. The Central Bank has an Innovation Hub that provides a single point of contact for stakeholders on fintech-related issues. Under the EU’s passporting framework host regulators receive limited information on the activities that passporting entities carry out in their jurisdiction. Incumbent retail banks in Ireland are dedicating significant resources to digital transformation, while fintechs are enlarging consumer choice through innovative new services. The Central Bank should further intensify its efforts to monitor developments on crypto-assets through systematic data collection within the scope of its powers and, where unacceptable risks remain, issue carefully targeted warnings and investor communications.
International Monetary Fund. Monetary and Capital Markets Department
Cybersecurity risk continues to grow both in complexity and severity and is a function of an increasingly open and interconnected cyber and financial ecosystem. The South African financial system has a long history of incorporating technology and as for many financial systems across the globe, digitalization has become a strategic priority. For risk management to keep pace with the dynamic nature of cyber threats and threat agents, systemically important financial institutions (SIFIs) have made substantial investments in cyber resilience programs (e.g., establishing cyber strategies, frameworks, and governance structures). Consistent with many jurisdictions, and partly a result of widespread remote working arrangements implemented in response to the global pandemic, cybersecurity threats to financial stability increased. However, high standards of risk management meant threats did not materialize into significant losses and/or disruptions.
Frank Adelmann, Ms. Jennifer A. Elliott, Ibrahim Ergen, Tamas Gaidosch, Nigel Jenkinson, Mr. Tanai Khiaonarong, Anastasiia Morozova, Nadine Schwarz, and Christopher Wilson
The ability of attackers to undermine, disrupt and disable information and communication technology systems used by financial institutions is a threat to financial stability and one that requires additional attention.
International Monetary Fund. Monetary and Capital Markets Department
The Norwegian financial system has a long history of incorporating new technology. Norway is at the forefront of digitization and has tight interdependencies within its financial system, making it particularly vulnerable to evolving cyber threats. Norway is increasingly a cashless society, with surveys and data collection suggesting that only 10 percent of point-of-sale and person-to-person transactions in 2019 were made using cash.1 Most payments made in Norway are digital (e.g., 475 card transactions per capita per annum)2 and there is an increase in new market entrants providing a broad range of services. Thus, good cybersecurity is a prerequisite for financial stability in Norway.
Tamas Gaidosch, Frank Adelmann, Anastasiia Morozova, and Christopher Wilson
This paper highlights the emerging supervisory practices that contribute to effective cybersecurity risk supervision, with an emphasis on how these practices can be adopted by those agencies that are at an early stage of developing a supervisory approach to strengthen cyber resilience. Financial sector supervisory authorities the world over are working to establish and implement a framework for cyber risk supervision. Cyber risk often stems from malicious intent, and a successful cyber attack—unlike most other sources of risk—can shut down a supervised firm immediately and lead to systemwide disruptions and failures. The probability of attack has increased as financial systems have become more reliant on information and communication technologies and as threats have continued to evolve.
Antoine Bouveret
Cyber risk has emerged as a key threat to financial stability, following recent attacks on financial institutions. This paper presents a novel documentation of cyber risk around the world for financial institutions by analyzing the different types of cyber incidents (data breaches, fraud and business disruption) and identifying patterns using a variety of datasets. The other novel contribution that is outlined is a quantitative framework to assess cyber risk for the financial sector. The framework draws on a standard VaR type framework used to assess various types of stability risk and can be easily applied at the individual country level. The framework is applied in this paper to the available cross-country data and yields illustrative aggregated losses for the financial sector in the sample across a variety of scenarios ranging from 10 to 30 percent of net income.