Trust and cyber security

The Foundation of Banks and Financial Institutions (SBIF) yesterday held the 4th Conference on "Banking Development, Stability and Sustainability".

On the occasion, issues such as new capital treaties and Basel III liquidity agreements were discussed. bank resolution mechanisms and the use of stress tests in risk management; challenges of new technological developments; banking supervision, financial integration; environmentally sound banking and cyber security.

These are highly relevant issues that depend on the fundamental concept of the financial industry: trust. The trust of people in financial institutions is the cornerstone on which the system is built. We can not talk about sustainability or less stability without first referring to trust.

The Trust is based on people's experience and access to financial services.

The essence of the financial system is that people have secure, reliable and lasting access to their money. That's why operational risks and cyber-security risks are so dangerous, because when they take place they have an impact on where they are most afraid, in public confidence. At present, the main risk aspect of the financial industry is its reputation.

There are risks that are always important, such as financial and credit risks, but operational and cyber-related risks prevail over the priority that needs to be addressed.

In the case of a very complex subject, we have become a superintendent with the difficult task of learning to work with identifying and preventing these risks.

Defense strategy against cyber attack must have a very strong preventive component, but the long-term success of institutions depends on the intelligence they do: organizations need to know their enemy, understand how it works, what motivates you if you are looking for money or information.

The scale of the challenge requires a new culture of risk and control environment.

We have to understand that the problem is not that the perpetrator enters the institution but that the institution is not able to realize when it will happen. Simply, institutions must be able to detect thieves as they pass through the door but when they enter, not when they come out.

It is important to realize that the size and complexity of these challenges requires high costs. For smaller institutions, this can mean difficult obstacles to providing services with an adequate level of security.

This requires, inter alia, outsourcing of network services, servers, software development.

Since the function of this criticism is delivered to third parties, it is essential for the institution to have the authority of a company that is able to ask the right questions.

You can delegate this feature, but you must never be responsible. Only managers can assign these risks to the seriousness they have.

This is what is known as "tone from the top" and is what we expect from a mature and more robust industry.

Source link