Recap of TC's Executive Panel - "Cyber Security: Managing the Breach"
Monday, April 30, 2018 | Video
The panel was introduced by Rob Stewart, Canada’s G7/G20/FSB Deputy and Associate Deputy Minister of Finance, and Tobias Adrian, Financial Counsellor and Director, Monetary and Capital Markets Department, International Monetary Fund (IMF). They talked about the G7 and G20 agendas and the IMF’s efforts in relation to cyber risk. Cyber risk has been identified as a major issue by both the G7 and the G20, and the IMF.
The discussion was skillfully moderated by Aditya Narain, Deputy Director, Monetary and Capital Markets Department, IMF, and Board Member, Toronto Centre.
Four distinguished senior panelists discussed existing regulations, guidance, supervisory practices, industry standards as well as what needs to be done to create cyber resilient financial systems.
High level summary of observations:
- Although cyber risk is not new, it has become a primary concern because of new technological developments. Regulatory and supervisory authorities, international organizations and standard setting bodies, have identified it as a key risk to financial systems. The Basel Committee on Banking Supervision (BCBS) is working to ensure that there is sufficient interaction among countries and authorities.
- Technological innovation in financial services holds a lot of potential, from lowering costs to promoting financial inclusion. It is important to embrace innovative technology without creating financial stability issues.
- Cyber risk becomes more complicated when cross-border issues are involved. Authorities must understand the issues and risks and communicate with each other. More standardization and coordination are needed among supervisors in different countries.
- Sharing information raises confidentiality issues posed by laws and regulations. Competition is another issue for financial institutions as they are often competitors, which may pose challenges with communication.
- Central banks play more of a “catalyst” role regarding cyber risk. They have issued guidance, including concrete expectations for financial institutions on how to make sure their systems are cyber resilient.
- Service providers encourage sharing of information on threats and best practice across the SWIFT community. There are more compliance requirements for service providers to mitigate cyber risk.
- SWIFT has rolled out guidelines and resources needed to support users’ compliance to promote cyber resilience. The focus is now on meeting its baseline security standards and achieving compliance before the end of the year.
- Detection and prevention of cyber-security attacks will continue to be a high priority for everyone. The Financial Stability Board is also working to develop a cyber lexicon for clarity and efficiency of communication on cyber risk.
WATCH THE DISCUSSION: