Narrow Your Choices

Refine By Countries

Refine By Series

Refine By Language

Refine By Date

Refine By IMF Taxonomy

Refine By JEL Taxonomy

Refine by LOC Taxonomy

Refine By THEMA Taxonomy

  • Print
  • Save

Computers > Online Safety & Privacy

You are looking at 1 - 10 of 19 items for

  • Type: Journal Issue x
Clear All Modify Search
Cover IMF Staff Country Reports
Iceland: Financial Sector Assessment Program-Technical Note on Cyber and Operational Resilience, Supervision and Oversight
International Monetary Fund. Monetary and Capital Markets Department
This technical note focuses on cyber and operational resilience, supervision and oversight in Iceland. The Icelandic financial sector has not experienced seriously disruptive cyber-attacks or operational issues in recent years, but threats are growing. Iceland’s dependence on international connectivity for both debit and credit card systems introduces a significant vulnerability into the payment system. There is no dedicated cyber security strategy for the finance sector. Operational risk experts in the Central Bank of Iceland (CBI) are experienced and well regarded by financial institutions, but more resources are needed to provide adequate coverage of this increasingly important area. The supervision of financial institutions’ cybersecurity is highly dependent on self-assessments by the regulated entities themselves and independent reviews carried out by third parties. CBI should regularly revise the list of critical operations and critical service providers for internal use and for presentation to the Financial Stability Committee and Financial Stability Council. CBI is encouraged to enhance its incident dashboard by summarizing cyber incidents and examining trends.
Keywords:
C. supervision approach; payment services directive; markets authority; market infrastructure; cash payment; Cyber risk; Financial sector stability; Financial sector; Payment systems; Operational risk; Europe; Baltics; Global
Cover IMF Staff Country Reports
Trinidad and Tobago: Technical Assistance Report-Strengthening Cybersecurity in Financial Institutions
International Monetary Fund. Monetary and Capital Markets Department
This technical note evaluates strengthening cybersecurity in financial institutions of Trinidad and Tobago. The deliverables included a capacity-building seminar on regulation of cyber risk. The Central Bank of Trinidad and Tobago identified the need for filling regulatory gaps and desires to issue a focused guideline on cybersecurity covering governance, risk management, incident reporting, and cyber hygiene, and intends to develop a draft guideline for consultation with its regulated institutions in the first quarter of 2023. Supervisory arrangements for Information and Communication Technology/cyber risks need further improvements and resource constraints within Financial Institutions Supervision Department need to be addressed urgently. The Identity and Access Management project has been formally set up and is now in Phase 1, which is considered preparatory. The governance of the project, the high-level roadmap, and the deliverables for Phase 1 are generally in line with good practices. It is recommended to establish regular cybersecurity meetings and reporting regime at the Board level with the participation of the Head of IT Security.
Keywords:
cybersecurity governance; Cybersecurity governance assessment; cybersecurity policy; control environment; pension firm; Cyber risk; Pensions; Insurance; Payment systems; Financial sector; Global
Cover IMF Staff Country Reports
Sweden: Financial Sector Assessment Program–Technical Note on Cybersecurity Risk Supervision and Oversight
International Monetary Fund. Monetary and Capital Markets Department
This technical assistance report discusses Cybersecurity Risk Supervision and Oversight in Sweden. Sweden’s financial sector is highly digitized and interconnected, and the related technological developments heighten cyber threats and vulnerabilities. Sweden is well-served with agencies engaged with cybersecurity, but the roles and responsibilities of each in respect to the cyber security of the financial sector should be clarified and barriers to sharing information resolved. It is important that the financial sector engages with and helps to shape the activities of the National Cyber Security Centre. Cyber incident reporting frameworks are in place, as are some, limited, information sharing for a, but there is still an appetite from financial institutions to receive more information on threats and incidents. Contingency plans and crisis protocols should be established for large-scale cyber-attacks affecting the Swedish financial sector. The Swedish authorities are advised to identify and address the barriers to information sharing between government agencies, the financial authorities, and the private sector.
Keywords:
NIST cyber security framework; supervisory authority; crisis management exercise; Finansinspektionen organization chart; telecom authority; Cyber risk; Financial sector; Securities; Operational risk; Financial Sector Assessment Program; Baltics
Cover IMF Staff Country Reports
Mexico: Financial Sector Assessment Program-Technical Note on Cyber Resilience and Financial Stability
International Monetary Fund. Monetary and Capital Markets Department
Mexico’s financial system is digitalizing rapidly, increasing exposure to cyber risk. As in other jurisdictions, internet and mobile banking users in Mexico have increased substantially, but cyber incidents have also surged in recent years. The tight interdependencies within its financial system, and beyond, make Mexico vulnerable to evolving cyber threats. Thus, the Financial System Stability Council (CESF) has recognized cyber as a risk with potential to impact financial stability.
Keywords:
information security; financial system Stability Council; cybersecurity risk supervision; Banco de México; supervision of participant; simulation exercise; payment system oversight function; Cyber risk; Financial sector; Financial sector stability; Infrastructure; PFM information systems; Global
Cover IMF Staff Country Reports
Ireland: Financial Sector Assessment Program-Technical Note on Oversight of Fintech
International Monetary Fund. Monetary and Capital Markets Department
This Technical Note on Oversight of Fintech explains that Ireland’s fintech sector is growing in importance through the entry of innovative new players and digital transformation of incumbents’ business models and products. This note seeks to identify risks arising from fintech as well as policy responses by authorities. The Irish Government has adopted a Strategy implemented by annual action plans for the development of Ireland’s international financial services sector that includes several initiatives of relevance to fintech. The Central Bank has an Innovation Hub that provides a single point of contact for stakeholders on fintech-related issues. Under the EU’s passporting framework host regulators receive limited information on the activities that passporting entities carry out in their jurisdiction. Incumbent retail banks in Ireland are dedicating significant resources to digital transformation, while fintechs are enlarging consumer choice through innovative new services. The Central Bank should further intensify its efforts to monitor developments on crypto-assets through systematic data collection within the scope of its powers and, where unacceptable risks remain, issue carefully targeted warnings and investor communications.
Keywords:
central bank of Ireland; support firm; markets authority; host regulator; customer base; Fintech; Virtual currencies; Financial sector; Anti-money laundering and combating the financing of terrorism (AML/CFT); Global; Cyber risk
Cover IMF Staff Country Reports
South Africa: Financial Sector Assessment Program-Technical Note on Cybersecurity Risk Supervision and Oversight
International Monetary Fund. Monetary and Capital Markets Department
Cybersecurity risk continues to grow both in complexity and severity and is a function of an increasingly open and interconnected cyber and financial ecosystem. The South African financial system has a long history of incorporating technology and as for many financial systems across the globe, digitalization has become a strategic priority. For risk management to keep pace with the dynamic nature of cyber threats and threat agents, systemically important financial institutions (SIFIs) have made substantial investments in cyber resilience programs (e.g., establishing cyber strategies, frameworks, and governance structures). Consistent with many jurisdictions, and partly a result of widespread remote working arrangements implemented in response to the global pandemic, cybersecurity threats to financial stability increased. However, high standards of risk management meant threats did not materialize into significant losses and/or disruptions.
Keywords:
IMF-World Bank Financial Sector Assessment Program; payment system management body; securities commission; cybersecurity risk; FSAP's finding; committee on payment; clearing house; Cyber risk; Financial sector; PFM information systems; Operational risk; Payment systems; Africa; Global
Cover IMF Staff Country Reports
United Kingdom: Financial Sector Assessment Program-Some Forward Looking Cross-Sectoral Issues
International Monetary Fund. Monetary and Capital Markets Department
The United Kingdom faces significant money laundering threats from foreign criminal proceeds, owing to its status as a global financial center, but the authorities have a strong understanding of these risks. The authorities estimated the realistic possibility of hundreds of billions of pounds of illicit proceeds being laundered in their jurisdiction. The money laundering risks facing the United Kingdom include illicit proceeds from foreign crimes such as transnational organized crime, overseas corruption, and tax crimes. Financial services, trust, and company service providers (TCSPs), accountancy and legal sectors are high-risk for money laundering, with also significant emerging risks coming from cryptoassets. Some Crown Dependencies (CDs) and British Overseas Territories (BOTs) have featured in U.K. money laundering investigations. Brexit and COVID pandemic have an impact upon the money laundering risks in the United Kingdom. The authorities nevertheless have demonstrated a deep and robust experience in assessing and understanding their ML/TF risks. Leveraging technology tools such as big data and machine learning to analyze cross-border payments may add further dimension to their risk assessments. This technical note (TN) will focus on key aspects of the United Kingdom’s anti-money laundering and countering the financing of terrorism (AML/CFT) regime: risk-based AML/CFT supervision, entity transparency and international cooperation.
Keywords:
information sharing; financial services markets act; infrastructure regulation; resilience Group; framework review; prudential regulation committee; NIST cyber security framework; Anti-money laundering and combating the financing of terrorism (AML/CFT); Cyber risk; Global
Cover IMF Working Papers
Operational Resilience in Digital Payments: Experiences and Issues
Mr. Tanai Khiaonarong, Mr. Harry Leinonen, and Ryan Rizaldy
Major operational incidents in payment systems suggest the need to improve their resiliency. Meanwhile, as payment infrastructures become more digitalized, integrated, and interdependent, they require an even higher degree of resilience. Moreover, risks that could trigger major disruptions have become more acute given the rise in power outages, cyber incidents, and natural disasters. International experiences suggest the need to strengthen reliability objectives, redundancies, assessment of critical service providers, endpoint security, and alternative arrangements
Keywords:
Operational resilience; payment systems; risks; disasters; business continuity; disruption scenario; payment infrastructure; business continuity arrangement; tandem payment processing design; payments experience; Payment systems; Operational risk; Cyber risk; Natural disasters; Infrastructure; Global
Cover IMF Working Papers
Central Bank Risk Management, Fintech, and Cybersecurity
Mr. Ashraf Khan and Majid Malaika
Based on technical assistance to central banks by the IMF’s Monetary and Capital Markets Department and Information Technology Department, this paper examines fintech and the related area of cybersecurity from the perspective of central bank risk management. The paper draws on findings from the IMF Article IV Database, selected FSAP and country cases, and gives examples of central bank risks related to fintech and cybersecurity. The paper highlights that fintech- and cybersecurity-related risks for central banks should be addressed by operationalizing sound internal risk management by establishing and strengthening an integrated risk management approach throughout the organization, including a dedicated risk management unit, ongoing sensitizing and training of Board members and staff, clear reporting lines, assessing cyber resilience and security posture, and tying risk management into strategic planning.. Given the fast-evolving nature of such risks, central banks could make use of timely and regular inputs from external experts.
Keywords:
IMF Risk Management TA; risk landscape; B. IMF AIV; IMF surveillance; case example; Fintech; Central bank risk management; Cyber risk; Operational risk; Global; Middle East and Central Asia; Asia and Pacific; Western Hemisphere; Eastern Europe
Cover Staff Discussion Notes
Cyber Risk and Financial Stability: It’s a Small World After All
Frank Adelmann, Ms. Jennifer A. Elliott, Ibrahim Ergen, Tamas Gaidosch, Nigel Jenkinson, Mr. Tanai Khiaonarong, Anastasiia Morozova, Nadine Schwarz, and Christopher Wilson
The ability of attackers to undermine, disrupt and disable information and communication technology systems used by financial institutions is a threat to financial stability and one that requires additional attention.
Keywords:
Cyber risk; Cybersecurity; Financial regulation; operational resilience; risk management; information sharing; market infrastructure; sharing of information; cybercrime support services; evolution of cyberattack; Financial sector stability; Financial sector risk; Financial stability assessment; Financial sector; Global