Post on 23-Jan-2021
Addressing Cyber Security Risks in Emerging Financial Sectors
November 20, 2019
Setting The Stage: Cyber Security Challenges And Trends In Emerging Financial Markets
Judith Frickenstein, GIZ
Juliet Maina, GSMA
Komitas Stepanyan, Central Bank of Armenia
Prof. Dr. Dirk Zetzsche, University of Luxembourg
THE DARK SIDE OF DIGITAL FINANCIAL TRANSFORMATION: THE NEW RISKS OF FINTECH AND THE RISE OF TECHRISK
Prof. Dr. Dirk A. Zetzsche, LL.M.
ADA Chair in Financial Law (Inclusive Finance)
University of Luxembourg
Based on Buckley/Arner/Zetzsche/Segla, Sing. J. Leg. St., in press, pre-print available at: www.ssrn.com/abstract=3478640
FinTech Evolution
[Figure: FinTech evolution timeline. Stages: 1.0, 2.0, 3.0, 3.5, 4.0. Periods: 1866 - 1967, 1968 - 2007, 2008 - Present. Labels: Infrastructure, Banks, Start-ups, TechFin; Developed World, Developing World; Telegraph, Telephone, ATM, E-Banking, P2P, Credit Scoring; Identity, Big Data, AI, IoT, Decentralized.]
Framework of Analysis
New sources of traditional risks: Credit? Payment? Market? Legal? Operational?
New risks? TechRisk
New systems / structures? Technology today is no longer the constraint in an increasing range of cases – Libra …
Key Areas of Concern
▪Cybersecurity
▪Data security / protection
▪TechFin / BigTech
▪Technological risks: New infrastructure
▪Interoperability / connectivity
▪International / regional cooperation
Cybersecurity
▪No. 1 national security, public security AND financial stability risk
▪Incumbents
▪Infrastructure: old and new
▪New entrants: small and large
▪Regulators / governments
▪Use of same software and service providers (cloud...)
▪Markets: Flashcrash …
Hostile and other actors
▪Participants
• Hackers
• Hacktivists
• Terrorists
• Criminals: of all types
• Corporations
• Sovereign / quasi sovereign
▪Purposes
• Fun
• Destruction
• Message
• Theft: old and new
• Warfare
BigTech / TechFin
▪Network effects
▪Regulation: new SIFIs
▪Competition / antitrust
▪Non-traditional infrastructure
Non-traditional infrastructure
▪Data
▪“financial operating systems”: Aladdin
▪Cloud: FinTechs, incumbents, SIFIs, BigTech / TechFin
▪New infrastructure: blockchain
▪Libra, stablecoins, CBDCs, public-private: Utility Settlement Coin (USC)
Interoperability / interconnectivity
▪Traditional
▪New
TechRisk
New sources of traditional risk
New risks
Necessitates: monitoring, understanding, system design, technology, international cooperation
RegTech
What to do?
▪Financial sector: risk management systems, data protection systems, contingency planning, insurance
▪Regulators: monitoring, supervisory review, information sharing, sandboxes / stress tests / war games / contingency plans, capital
▪Governments: training / human capital, defense / planning
▪International / regional cooperation / information sharing
Thanks!
Prof. Dr. Dirk Zetzsche, LL.M.
ADA Chair in Financial Law (Inclusive Finance)
Faculty of Law, Economics & Finance
University of Luxembourg
Dirk.Zetzsche@uni.lu
Readings on FinTech
Regulatory Sandboxes
www.ssrn.com/abstract=3018534
TechFin / Data-driven Finance
www.ssrn.com/abstract=2959925
Distributed Ledgers / Blockchain
www.ssrn.com/abstract=3018214
eID / KYC Utilities
www.ssrn.com/abstract=3224115
Corporate Technologies (AI etc.)
www.ssrn.com/abstract=3392321
ICO Gold Rush
www.ssrn.com/abstract=3072298
Regulating Libra
www.ssrn.com/abstract=3414401
Rise of Tech Risk
www.ssrn.com/abstract=3478640
FT4FI Roadmap
www.ssrn.com/abstract=3245287
Future of Data-Driven Finance
www.ssrn.com/abstract=3359399
Cyber Security Risks For Central Banks in Emerging and Developing Countries
Komitas Stepanyan, PhD, CRISC, CRMA, Cobit
Deputy Head of Internal Audit
20 November, 2019
Cybersecurity – more than a real threat
People Process Technologies
RISK
What do the regulators/supervisors need to know?
• Clear understanding of what cyber risk means and how it could harm a bank’s and/or financial sector viability
• Able to challenge the supervised institutions
• Ability to assess whether the 3 lines of defense are functioning at the supervised institutions
o Good knowledge of the institutions’ IT/Info/Cyber governance and strategy
o Understanding the institution’s IT/Info/Cyber risk management framework
• Knowledge of the institutions’ ICT/cyber risk profile, including critical assets and processes, relevant threats, existing vulnerabilities and mitigating controls
• Understanding of the bank’s dependencies
Cybersecurity governance for Mobile Money providers
Juliet Maina, Advocacy and
Regulatory Manager, GSMA
20th November 2019
Photograph by Trung Vo Chi
About The GSMA
What is Cybersecurity?
“Generally, it refers to the protection, by any means, of network-related systems and devices and the software and data they contain… typically comprises the protection of technical infrastructure, procedures and workflows, physical assets, national security as well as the confidentiality, integrity and availability of information.”
Source: GSMA Mobile Policy Handbook, 2019
Cybersecurity governance framework.
The report on Cybersecurity in mobile money is now available.
Cybersecurity in mobile money
GSMA Mobile Money Group
@GSMAMobileMoney
mobilemoney@gsma.com
gsma.com/mobilemoney
Follow us on social media