Based on technical assistance to central banks by the IMF’s Monetary and Capital Markets Department and Information Technology Department, this paper examines fintech and the related area of cybersecurity from the perspective of central bank risk management. The paper draws on findings from the IMF Article IV Database, selected FSAP and country cases, and gives examples of central bank risks related to fintech and cybersecurity. The paper highlights that fintech- and cybersecurity-related risks for central banks should be addressed by operationalizing sound internal risk management by establishing and strengthening an integrated risk management approach throughout the organization, including a dedicated risk management unit, ongoing sensitizing and training of Board members and staff, clear reporting lines, assessing cyber resilience and security posture, and tying risk management into strategic planning.. Given the fast-evolving nature of such risks, central banks could make use of timely and regular inputs from external experts.
Tamas Gaidosch, Frank Adelmann, Anastasiia Morozova, and Christopher Wilson
This paper highlights the emerging supervisory practices that contribute to
effective cybersecurity risk supervision, with an emphasis on how these practices
can be adopted by those agencies that are at an early stage of developing a
supervisory approach to strengthen cyber resilience. Financial sector supervisory
authorities the world over are working to establish and implement a framework
for cyber risk supervision. Cyber risk often stems from malicious intent, and a
successful cyber attack—unlike most other sources of risk—can shut down a
supervised firm immediately and lead to systemwide disruptions and failures.
The probability of attack has increased as financial systems have become more
reliant on information and communication technologies and as threats have
continued to evolve.
International Monetary Fund. Monetary and Capital Markets Department
The United Kingdom faces significant money laundering threats from foreign criminal proceeds, owing to its status as a global financial center, but the authorities have a strong understanding of these risks. The authorities estimated the realistic possibility of hundreds of billions of pounds of illicit proceeds being laundered in their jurisdiction. The money laundering risks facing the United Kingdom include illicit proceeds from foreign crimes such as transnational organized crime, overseas corruption, and tax crimes. Financial services, trust, and company service providers (TCSPs), accountancy and legal sectors are high-risk for money laundering, with also significant emerging risks coming from cryptoassets. Some Crown Dependencies (CDs) and British Overseas Territories (BOTs) have featured in U.K. money laundering investigations. Brexit and COVID pandemic have an impact upon the money laundering risks in the United Kingdom. The authorities nevertheless have demonstrated a deep and robust experience in assessing and understanding their ML/TF risks. Leveraging technology tools such as big data and machine learning to analyze cross-border payments may add further dimension to their risk assessments. This technical note (TN) will focus on key aspects of the United Kingdom’s anti-money laundering and countering the financing of terrorism (AML/CFT) regime: risk-based AML/CFT supervision, entity transparency and international cooperation.
International Monetary Fund. Monetary and Capital Markets Department
The Norwegian financial system has a long history of incorporating new technology. Norway is at the forefront of digitization and has tight interdependencies within its financial system, making it particularly vulnerable to evolving cyber threats. Norway is increasingly a cashless society, with surveys and data collection suggesting that only 10 percent of point-of-sale and person-to-person transactions in 2019 were made using cash.1 Most payments made in Norway are digital (e.g., 475 card transactions per capita per annum)2 and there is an increase in new market entrants providing a broad range of services. Thus, good cybersecurity is a prerequisite for financial stability in Norway.
Mr. Tanai Khiaonarong, Mr. Harry Leinonen, and Ryan Rizaldy
Major operational incidents in payment systems suggest the need to improve their resiliency. Meanwhile, as payment infrastructures become more digitalized, integrated, and interdependent, they require an even higher degree of resilience. Moreover, risks that could trigger major disruptions have become more acute given the rise in power outages, cyber incidents, and natural disasters. International experiences suggest the need to strengthen reliability objectives, redundancies, assessment of critical service providers, endpoint security, and alternative arrangements
Emanuel Kopp, Lincoln Kaffenberger, and Christopher Wilson
Cyber-attacks on financial institutions and financial market infrastructures are becoming
more common and more sophisticated. Risk awareness has been increasing, firms actively
manage cyber risk and invest in cybersecurity, and to some extent transfer and pool their
risks through cyber liability insurance policies. This paper considers the properties of cyber
risk, discusses why the private market can fail to provide the socially optimal level of
cybersecurity, and explore how systemic cyber risk interacts with other financial stability
risks. Furthermore, this study examines the current regulatory frameworks and supervisory
approaches, and identifies information asymmetries and other inefficiencies that hamper the
detection and management of systemic cyber risk. The paper concludes discussing policy
measures that can increase the resilience of the financial system to systemic cyber risk.
Joseph Goh, Mr. Heedon Kang, Zhi Xing Koh, Jin Way Lim, Cheng Wei Ng, Galen Sher, and Chris Yao
Cyber risk is an emerging source of systemic risk in the financial sector, and possibly a macro-critical risk too. It is therefore important to integrate it into financial sector surveillance. This paper offers a range of analytical approaches to assess and monitor cyber risk to the financial sector, including various approaches to stress testing. The paper illustrates these techniques by applying them to Singapore. As an advanced economy with a complex financial system and rapid adoption of fintech, Singapore serves as a good case study. We place our results in the context of recent cybersecurity developments in the public and private sectors, which can be a reference for surveillance work.
Financial technology (fintech) is emerging as an innovative way to achieve financial inclusion and the broader objective of inclusive growth. Thus far, fintech in the MENAP and CCA remains below potential with limited impact on financial inclusion. This paper reviews the fintech landscape in the MENAP and CCA regions, identifies the constraints to the growth of fintech and its contribution to inclusive growth and considers policy options to unlock the potential.