Group items tagged

According to the World Economic Forum (WEF) low-maturity FinTechs need a common cybersecurity framework and assessment process, tiered according to cybersecurity maturity levels and provide guidance for companies on when they need to adopt and enhance cybersecurity controls as they grow. The solution should start with baseline requirements for controls and assessment, but also provide increasingly complex controls as organizations develop and as their cybersecurity risk management requirements mature. Controls require regular adaptation as technology, threats and business models change. They are granular, specific to the assets they are meant to protect, and may have a limited shelf life. The WEF recommends that these controls should be defined by financial services providers, where the expertise and funding can be deployed at speed, in consultation with cybersecurity experts from other sectors, governmental agencies and relevant civil-society organizations.

The NIST Cybersecurity Framework (CSF) helps organizations better understand, manage, reduce, and communicate cybersecurity risks. NIST is updating the CSF to keep pace with the evolving cybersecurity landscape. The CSF 2.0 Concept Paper released today outlines more significant potential changes in the CSF. It is informed by extensive feedback in response to the NIST Cybersecurity Request for Information and the first workshop on CSF 2.0. NIST is publishing this concept paper to gain additional input before issuing a draft CSF 2.0 this Summer. Please share feedback by March 3, 2023,via cyberframework@nist.gov."

"Cybersecurity, along with technical resilience and sound technical governance, are the most important elements of CBDC technical design. Failure to implement a robust cybersecurity strategy and consider the risks introduced above could compromise citizen data and funds, the success of the CBDC programme, central bank reputational risk and broader opinions of the new currency. Based on past experiences in cybersecurity failures, the bar for security is not only about "keeping the bad guys out" or minimizing unauthorized account access. It must be comprehensive and consider the full spectrum of risks, ensuring that the system works as it was designed and that its integrity remains intact. Only then will CBDC be successful in achieving its goals."

This paper highlights the emerging supervisory practices that contribute to effective cybersecurity risk supervision, with an emphasis on how these practices can be adopted by those agencies that are at an early stage of developing a supervisory approach to strengthen cyber resilience.

The International Monetary Fund (IMF) said that the Bahamas' Sand Dollar central bank digital currency (CBDC) needs better reach and more security to achieve its aims. The IMF noted the Sand Dollar represents only 0.1% of currency in circulation. The country's central bank "should continue strengthening internal capacity - including on cybersecurity and the resilience of systems associated with the Sand Dollar," adding that there are currently "limited avenues to use the Sand Dollar."

The Atlantic Council published a report on cybersecurity issues related to central bank digital currency (CBDC). It analyzes the intertwined questions of policy, design, and security to focus policy makers on how to build secure CBDCs that protect users' data and maintain financial stability. The analysis shows that privacy-preserving CBDC designs are not only possible, but also come with inherent security advantages, compared to current payment systems, that may reduce the risk of cyberattacks.

"This paper documents the evolution of fintech in LAC. In particular, the paper focuses on financial development, fintech landscape for domestic and cross border payments and alternative financing, cybersecurity, financial integrity and stability risks, regulatory responses, and considerations for central bank digital currencies."

"SIX MONTHS OF 2019 are on the books already, and certainly there have been six months' worth of data breaches, supply chain manipulations, state-backed hacking campaigns, and harbingers of cyberwar to show for it. But the hallmark of 2019, perhaps, is feeling like the worst is yet to come. Ransomware is an ever-growing threat, corporate and US government security is still a mess, and geopolitical tensions are rising worldwide."

Given that the ECCB has a fixed exchange rate regime, monetary policy implications of a CBDC would be limited. [But] key challenges that warrant careful considerations would include risks to financial intermediation, financial integrity, and cybersecurity.

The World Economic Forum published a Blockchain Deployment Toolkit for building more resilient supply chains. The 244-page report includes checklists, guided questions, explainers and risk assessments addressing tax concerns and data privacy; forming a consortium, its ecosystem and governance; public vs private chains; cybersecurity; interoperability; and digital identity, among other concerns.

This IMF paper discusses the benefits and risks of quantum computing. On the risk side, they would crack many of the current encryption algorithms and threaten financial stability by compromising the security of mobile banking, e-commerce, fintech, digital currencies, and Internet information exchange. While the work on quantum-safe encryption is still in progress, the paper recommends that financial institutions take steps now to prepare for the cryptographic transition, by assessing future and retroactive risks from quantum computers, taking an inventory of their cryptographic algorithms (especially public keys), and building cryptographic agility to improve the overall cybersecurity resilience.

Cybersecurity firm, NortonLifeLock, has launched a pilot of Norton Crypto, a tool allowing select Norton 360 users to "safely" mine Ethereum (ETH) through the product. Norton plans to open up the mining service to all of its nearly 13 million 360 customers in the coming months, in the future, to support mining of other "top" cryptos. Norton emphasized that its service allows users to mine without requiring them to switch off their antivirus software.

According to cybersecurity firm Ciphertrace, its software can track 87% of the global cryptocurrency transaction volume, which may mean that authorities can use monitoring methods not only against criminals but also against ordinary people.

As a result of the digitization and datafication of finance, combined with new technologies, cybersecurity and technological risks are now evolving into major threats to financial stability and national security. In addition, the entry of major technology firms into finance - TechFins - brings new issues. The first arises in the context of new forms of potentially systemically important infrastructure (such as data and cloud services providers). The second arises because data - like finance - benefits from economies of scope and scale and from network effects and - even more than finance - tends towards monopolistic or oligopolistic outcomes, resulting in the potential for systemic risk from new forms of "Too Big to Fail" and "Too Connected to Fail" phenomena. This paper suggests some basic principles about how such risks can be monitored and addressed, focusing in particular on the role of regulatory technology ("RegTech").

France's top financial regulator has published new rules regarding the licensing of digital asset service providers (DASPs) as well as guidelines for firms applying for the non-mandatory license and informing the regulator about internal cybersecurity practices.

The U.S. Securities and Exchange Commision (SEC) set forth for comments the circumstances under which broker-dealers can custody digital assets in compliance with Rule 15c3-3 and mitigate the risks of loss or theft. Rule 15c3-3 requires a broker-dealer to obtain and maintain physical possession or control of all fully-paid and excess margin securities it carries for the account of customers. The draft measures basically boil down to keeping security tokens the primary focus of the operation and doing due diligence in terms of cybersecurity and disclosures to clients, including making sure every potential customer is aware that the broker-dealer in question is handling digital asset securities. https://www.sec.gov/news/press-release/2020-340

The "gradual national release of Central Bank of the Bahamas (CBOB) Sand Dollar central bank digital currency (CBDC) will begin on October 20, 2020. In the first phase, authorised financial institutions (AFIs) will ready their systems with know-your-customer (KYC) and other compliance checks across low-value, personal and enterprise wallets. The CBOB said it has subjected the Sand Dollar to a "rigorous cybersecurity assessment" to overcome public fears of paying with a digital currency. Regulations surrounding the Sand Dollar will be "crystalized" in the public space over the month of October. Sand Dollar's second phase, slated for early- through mid-2021, will focus on preparing essential infrastructure services in the government and private sectors, such as utility companies, for the CBDC. https://www.centralbankbahamas.com/news/public-notices/the-sand-dollar-is-on-schedule-for-gradual-national-release-to-the-bahamas-in-mid-october-2020

According to the Capgemini/Efma World Retail Banking Report 2020 57% of consumers now prefer internet banking, up from 49% pre-COVID-19, and 55% prefer banking mobile apps, compared with 47% previously. The report also found that platform-based banks find it up to two-times easier to increase operating profits, unlock new sources of value, and improve operational efficiencies. It also found that 80% of bank executives cited cybersecurity and privacy concerns, outdated data management (68%) and identifying the right partners (73%) as primary barriers to moving to a platform system.

Small and medium-sized enterprises (SMEs) dominate the business landscape in the Middle East and North Africa region, yet they face impediments to growth, being handicapped by limited access to credit, unfavorable business environments, and talent gaps. Digital technologies present new opportunities for these businesses to achieve faster growth. To increase demand for digital services, governments should develop digital literacy and awareness programs as well as foster consumer trust by strengthening frameworks for cybersecurity, digital identification, data privacy, and consumer protection. The digital strategy must be underpinned by financial sector and business environment reforms, particularly strengthening financial infrastructures and business support.

As federal authorities and cybersecurity experts rush to identify the full scope of the SolarWinds compromise, the list of known targets grows. The fallout from the cyberattack on the Texas-based software company appears to be vast, with a slew of powerful U.S. government agencies and businesses seemingly being infected by hackers who are believed to be affiliated with Russia. SolarWinds says it has identified 18,000 customers potentially affected by the incident, which saw the culprits hijack software updates for a widely-used IT monitoring tool called "Orion" to spread malware, seemingly with the intention of espionage.