The Bank of England (BoE) and the UK Treasury are responding to concerns about the vulnerability of UK lenders to computer hackers by requiring board directors to draw up plans to address the issue within the next six months.
As part of the process, the BoE itself will be “reviewing its own resilience”, according to minutes released of last month’s meeting of its financial policy committee (FPC).
In the minutes, the FPC refers to ‘complex legacy IT systems’ at UK banks as a potential vulnerability, as well as the financial system’s “high degree of interconnectedness [and] reliance on centralised market infrastructure”.
Treasury officials are reported to be working on plans to assess, test and improve the system’s resilience to cyber attacks. However the FPC, chaired by Mark Carney who took over as BoE governor on 1 July, wants a ‘concrete plan’ in place before April 2014, with a progress report available by the end of this year.
Peter Armstrong, director, cyber security sector, Thales UK, said the BoE and Treasury’s concern “echoes the sentiments of the KPMG report earlier this year which highlighted the current high level of naivety in the market regarding cyber security.
The KPMG report, issued in August, warned that the next systemic shock to the financial system could come from a ‘new breed of cyber attack’. It found that online account fraud rose 12% last year and that there had been a rise in revenge hits by hackers.
“The FPC have warned that this issue must be tackled at director level within the banking industry , and there is a growing need for companies to acknowledge that cyber security is not just an IT issue, but a business issue,” said Armstrong. “If businesses haven’t realised this, their organisation is already on the back foot. The consequences of cyber attacks are now so severe that cyber defence must become a board room discussion where companies explore what measures need to be put into place to ensure they are acting proactively – not reactively.
“In order to remain poised to react to this evolving threat landscape, banks must continually assess their defence capabilities and employ best practice cyber maturity models to centre around continuous policy evaluation and adaptation. Organisations that prepare for the FPC’s 2014 compliance deadline now are the ones that will gain a competitive edge.”
Alex Fidgen, director at consultancy MWR InfoSecurity, commented: “While the issue of improving security is a complex one, it should be focused around an asset-based approach. Emphasis has to be made in protecting key industry infrastructure, such as payment systems, by blocking all attack paths leading to it, and this can only be achieved by thorough assessment of a company’s assets.”
“In order for the finance industry to understand where security can be improved, they must adopt assessments that replicate some of the attack methods used by more sophisticated attackers, which are often state sponsored.”
He added: “If they miss this stage out, they will not identify how best to defend and will not only waste funds and resources protecting the wrong assets but they will be at serious risk of being hacked.”
Fidgen said that these sorts of measures should apply not only to UK banks but also to any financial institution operating in the European Union (EU), especially as the EU still provides Safe Harbour.
The adoption of advanced defensive programmes is likely to provide these financial institutions with a competitive advantage.
Fidgen added: “More to the point, a demonstrable defence programme will enable financial institutions to pro-actively satisfy regulatory authorities that their asset book can be value assessed accurately, and potentially argue for lower capital to asset ratios under legislation such as Basel III.”
The US money market fund reforms came into effect in 2016 and are already dramatically shaping US fund industry with investors flooding out of prime funds and into government securities. While the reforms are similar, they are not the same. GTNews interviews Yeng Bulter, global head of the cash business at State Street Global Advisors on the differences.
Far and away, the largest financial market on the planet is the foreign exchange currencies market, where on average individuals and organisations trade more than $5 trillion daily. In the FX world, the ability to master the market isn't considered a luxury for treasury officers–it's a necessity.
Using data for predictive analytics is the future of banking success, argued Jean-Laurent Bonnafé, CEO of BNP Paribas, in his session on how the bank is reinventing its approach to innovate with and for corporates.
The top five sectors Asian fintech investors are interested in are data analytics, blockchain, lending, payments and regtech, according to Gary Hwa, EY regional managing partner.