Computers > Online Safety & Privacy

You are looking at 1 - 10 of 19 items for

  • Type: Journal Issue x
Clear All Modify Search
International Monetary Fund. Monetary and Capital Markets Department
This technical note focuses on cyber and operational resilience, supervision and oversight in Iceland. The Icelandic financial sector has not experienced seriously disruptive cyber-attacks or operational issues in recent years, but threats are growing. Iceland’s dependence on international connectivity for both debit and credit card systems introduces a significant vulnerability into the payment system. There is no dedicated cyber security strategy for the finance sector. Operational risk experts in the Central Bank of Iceland (CBI) are experienced and well regarded by financial institutions, but more resources are needed to provide adequate coverage of this increasingly important area. The supervision of financial institutions’ cybersecurity is highly dependent on self-assessments by the regulated entities themselves and independent reviews carried out by third parties. CBI should regularly revise the list of critical operations and critical service providers for internal use and for presentation to the Financial Stability Committee and Financial Stability Council. CBI is encouraged to enhance its incident dashboard by summarizing cyber incidents and examining trends.
International Monetary Fund. Monetary and Capital Markets Department
This technical note evaluates strengthening cybersecurity in financial institutions of Trinidad and Tobago. The deliverables included a capacity-building seminar on regulation of cyber risk. The Central Bank of Trinidad and Tobago identified the need for filling regulatory gaps and desires to issue a focused guideline on cybersecurity covering governance, risk management, incident reporting, and cyber hygiene, and intends to develop a draft guideline for consultation with its regulated institutions in the first quarter of 2023. Supervisory arrangements for Information and Communication Technology/cyber risks need further improvements and resource constraints within Financial Institutions Supervision Department need to be addressed urgently. The Identity and Access Management project has been formally set up and is now in Phase 1, which is considered preparatory. The governance of the project, the high-level roadmap, and the deliverables for Phase 1 are generally in line with good practices. It is recommended to establish regular cybersecurity meetings and reporting regime at the Board level with the participation of the Head of IT Security.
International Monetary Fund. Monetary and Capital Markets Department
This technical assistance report discusses Cybersecurity Risk Supervision and Oversight in Sweden. Sweden’s financial sector is highly digitized and interconnected, and the related technological developments heighten cyber threats and vulnerabilities. Sweden is well-served with agencies engaged with cybersecurity, but the roles and responsibilities of each in respect to the cyber security of the financial sector should be clarified and barriers to sharing information resolved. It is important that the financial sector engages with and helps to shape the activities of the National Cyber Security Centre. Cyber incident reporting frameworks are in place, as are some, limited, information sharing for a, but there is still an appetite from financial institutions to receive more information on threats and incidents. Contingency plans and crisis protocols should be established for large-scale cyber-attacks affecting the Swedish financial sector. The Swedish authorities are advised to identify and address the barriers to information sharing between government agencies, the financial authorities, and the private sector.
International Monetary Fund. Monetary and Capital Markets Department
Mexico’s financial system is digitalizing rapidly, increasing exposure to cyber risk. As in other jurisdictions, internet and mobile banking users in Mexico have increased substantially, but cyber incidents have also surged in recent years. The tight interdependencies within its financial system, and beyond, make Mexico vulnerable to evolving cyber threats. Thus, the Financial System Stability Council (CESF) has recognized cyber as a risk with potential to impact financial stability.
International Monetary Fund. Monetary and Capital Markets Department
This Technical Note on Oversight of Fintech explains that Ireland’s fintech sector is growing in importance through the entry of innovative new players and digital transformation of incumbents’ business models and products. This note seeks to identify risks arising from fintech as well as policy responses by authorities. The Irish Government has adopted a Strategy implemented by annual action plans for the development of Ireland’s international financial services sector that includes several initiatives of relevance to fintech. The Central Bank has an Innovation Hub that provides a single point of contact for stakeholders on fintech-related issues. Under the EU’s passporting framework host regulators receive limited information on the activities that passporting entities carry out in their jurisdiction. Incumbent retail banks in Ireland are dedicating significant resources to digital transformation, while fintechs are enlarging consumer choice through innovative new services. The Central Bank should further intensify its efforts to monitor developments on crypto-assets through systematic data collection within the scope of its powers and, where unacceptable risks remain, issue carefully targeted warnings and investor communications.
International Monetary Fund. Monetary and Capital Markets Department
Cybersecurity risk continues to grow both in complexity and severity and is a function of an increasingly open and interconnected cyber and financial ecosystem. The South African financial system has a long history of incorporating technology and as for many financial systems across the globe, digitalization has become a strategic priority. For risk management to keep pace with the dynamic nature of cyber threats and threat agents, systemically important financial institutions (SIFIs) have made substantial investments in cyber resilience programs (e.g., establishing cyber strategies, frameworks, and governance structures). Consistent with many jurisdictions, and partly a result of widespread remote working arrangements implemented in response to the global pandemic, cybersecurity threats to financial stability increased. However, high standards of risk management meant threats did not materialize into significant losses and/or disruptions.
International Monetary Fund. Monetary and Capital Markets Department
The United Kingdom faces significant money laundering threats from foreign criminal proceeds, owing to its status as a global financial center, but the authorities have a strong understanding of these risks. The authorities estimated the realistic possibility of hundreds of billions of pounds of illicit proceeds being laundered in their jurisdiction. The money laundering risks facing the United Kingdom include illicit proceeds from foreign crimes such as transnational organized crime, overseas corruption, and tax crimes. Financial services, trust, and company service providers (TCSPs), accountancy and legal sectors are high-risk for money laundering, with also significant emerging risks coming from cryptoassets. Some Crown Dependencies (CDs) and British Overseas Territories (BOTs) have featured in U.K. money laundering investigations. Brexit and COVID pandemic have an impact upon the money laundering risks in the United Kingdom. The authorities nevertheless have demonstrated a deep and robust experience in assessing and understanding their ML/TF risks. Leveraging technology tools such as big data and machine learning to analyze cross-border payments may add further dimension to their risk assessments. This technical note (TN) will focus on key aspects of the United Kingdom’s anti-money laundering and countering the financing of terrorism (AML/CFT) regime: risk-based AML/CFT supervision, entity transparency and international cooperation.
Mr. Tanai Khiaonarong, Mr. Harry Leinonen, and Ryan Rizaldy
Major operational incidents in payment systems suggest the need to improve their resiliency. Meanwhile, as payment infrastructures become more digitalized, integrated, and interdependent, they require an even higher degree of resilience. Moreover, risks that could trigger major disruptions have become more acute given the rise in power outages, cyber incidents, and natural disasters. International experiences suggest the need to strengthen reliability objectives, redundancies, assessment of critical service providers, endpoint security, and alternative arrangements
Mr. Ashraf Khan and Majid Malaika
Based on technical assistance to central banks by the IMF’s Monetary and Capital Markets Department and Information Technology Department, this paper examines fintech and the related area of cybersecurity from the perspective of central bank risk management. The paper draws on findings from the IMF Article IV Database, selected FSAP and country cases, and gives examples of central bank risks related to fintech and cybersecurity. The paper highlights that fintech- and cybersecurity-related risks for central banks should be addressed by operationalizing sound internal risk management by establishing and strengthening an integrated risk management approach throughout the organization, including a dedicated risk management unit, ongoing sensitizing and training of Board members and staff, clear reporting lines, assessing cyber resilience and security posture, and tying risk management into strategic planning.. Given the fast-evolving nature of such risks, central banks could make use of timely and regular inputs from external experts.
Frank Adelmann, Ms. Jennifer A. Elliott, Ibrahim Ergen, Tamas Gaidosch, Nigel Jenkinson, Mr. Tanai Khiaonarong, Anastasiia Morozova, Nadine Schwarz, and Christopher Wilson
The ability of attackers to undermine, disrupt and disable information and communication technology systems used by financial institutions is a threat to financial stability and one that requires additional attention.