Group items tagged

Small and medium-sized enterprises (SMEs) dominate the business landscape in the Middle East and North Africa region, yet they face impediments to growth, being handicapped by limited access to credit, unfavorable business environments, and talent gaps. Digital technologies present new opportunities for these businesses to achieve faster growth. To increase demand for digital services, governments should develop digital literacy and awareness programs as well as foster consumer trust by strengthening frameworks for cybersecurity, digital identification, data privacy, and consumer protection. The digital strategy must be underpinned by financial sector and business environment reforms, particularly strengthening financial infrastructures and business support.

As federal authorities and cybersecurity experts rush to identify the full scope of the SolarWinds compromise, the list of known targets grows. The fallout from the cyberattack on the Texas-based software company appears to be vast, with a slew of powerful U.S. government agencies and businesses seemingly being infected by hackers who are believed to be affiliated with Russia. SolarWinds says it has identified 18,000 customers potentially affected by the incident, which saw the culprits hijack software updates for a widely-used IT monitoring tool called "Orion" to spread malware, seemingly with the intention of espionage.

A global survey of Chartered Financial Analysts (CFA) Institute members found limited understanding of and support for central bank digital currency (CBDC). 42% of respondents believe that central banks should launch CBDCs, 34% disagreed, while only 13% said they had a strong understanding of CBDCs. The top reason cited to support launching a CBDC was to accelerate payments and transfers, with the chief concerns being focused on cybersecurity and fraud, data privacy, and lack of use cases. Respondents in emerging markets were more receptive to CBDC and they CBDC would enhance financial inclusion. Respondents in advanced economies were generally more satisfied with the current financial infrastructure and more skeptical of the need for a CBDC.

According to the latest KPMG Pulse of Fintech report H1 2023 was difficult for the fintech market globally, with both total funding and the number of deals dropping. There was increasing focus on operational efficiency, sustainable cash flows, and profitability. Crypto funding declined in the wake of sector challenges, combined with increasing focus on broader blockchain solutions. However, there is rapidly growing interest in potential use cases for generative AI, particularly in cybersecurity, insurtech, and wealthtech.

The Federal Reserve Board issued a policy statement to promote a level playing field for all banks with a federal supervisor, regardless of deposit insurance status. The statement makes clear that uninsured and insured banks supervised by the Board will be subject to the same limitations on activities, including novel banking activities, such as crypto-asset-related activities. The statement also makes clear that uninsured and insured banks supervised by the Board would be subject to the limitations on certain activities imposed on national banks, which are overseen by the Office of the Comptroller of the Currency. The equal treatment will promote a level playing field and limit regulatory arbitrage... The Board generally believes that issuing dollar- denominated tokens (dollar tokens) using distributed ledger technology or similar technologies on open, public, and/or decentralized networks, or similar systems is highly likely to be inconsistent with safe and sound banking practices. The Board believes such tokens raise concerns related to operational, cybersecurity, and run risks, and may also present significant illicit finance risks, because-depending on their design-such tokens could circulate continuously, quickly, pseudonymously, and indefinitely among parties unknown to the issuing bank. Importantly, the Board believes such risks are pronounced where the issuing bank does not have the capability to obtain and verify the identity of all transacting parties, including for those using unhosted wallets.

"A CBDC poses substantial risks to financial privacy, financial freedom, free markets, and cybersecurity. Yet the purported benefits fail to stand up to scrutiny. There is no reason for the U.S. government to issue a CBDC when the costs are so high and the benefits so low."

"More than 2,100 computers around the world were infected over the weekend with ransomware that exploited a two-year-old vulnerability in server software made by VMware Inc., according to cybersecurity researchers and authorities."

The US Federal Reserve Board issued a policy statement that said that issuing dollar-denominated tokens on open, public, and/or decentralized networks, or similar systems is highly likely to be inconsistent with safe and sound banking practices. The Board believes such tokens raise concerns related to operational, cybersecurity, and run risks, and may also present significant illicit finance risks, because-depending on their design-such tokens could circulate continuously, quickly, pseudonymously, and indefinitely among parties unknown to the issuing bank. Importantly, the Board believes such risks are pronounced where the issuing bank does not have the capability to obtain and verify the identity of all transacting parties, including for those using unhosted wallets.

The Hong Kong Monetary Authority (HKMA), has added a central bank digital currency (CBDC) section to the annual Global Fast Track business competition to encourage research into the use cases of digital currencies. Companies are invited invited to pitch business plans relating to the adoption, programmability, interoperability, privacy, cybersecurity, foreign exchange and liquidity management, and offline payments of CBDCs. Shortlisted applicants will then enter a pitching session exclusive for the track and compete for three awards. All qualified candidates may also have the opportunities to work with the HKMA on research projects and pilots to foster the future growth of the CBDC ecosystem.

The Oliver Wyman Forum, in partnership with DBS, JP Morgan's Onyx, and SBI, published a paper that makes the case for "institutional DeFi" , a system that combines the power and efficiency of decentralized finance (DeFi) software protocols with a level of protections and controls that regulators demand and customers expect. These include identity solutions to enable financial institutions to comply with anti-money laundering (AML) and know your customer (KYC) regulations, strong cybersecurity to minimize the threat of hacking incidents, and recourse mechanisms to make investors whole if something goes wrong.

The Asian Development Bank (ADB) published a paper that outlines why regulators urgently to adapt and adopt flexible policies that improve oversight of emerging products and providers. It sketches out the fintech landscape and explains how economies can encourage innovation while increasing international cooperation to insulate against the growing financial, operational, and cybersecurity risks the new technology brings.

"A solely controlled DLT is centralized and therefore requires as much attention to cybersecurity as any other centralized technology. A consortium DLT is decentralized for its members, but will always be centralized for outside users (if, of course, the DLT is designed for public use). At the same time, the use of such a DLT can be fruitful in a private application among independent members, but be careful with objectives as it can be considered a cartel and questioned by antitrust bodies."

"Given the rapid pace of technological experimentation and development, and the multitude of variables at play, it can be challenging to assess the best technology choices for a new central bank digital currency (CBDC). This WEF white paper is intended to guide central banks and other decision-makers through major technology considerations for CBDC. It is divided into three parts: 1) discussion of CBDC technical design considerations given various policy goals, 2) an evaluation of the pros and cons, or trade-offs, of the use of distributed ledger technology in CBDC infrastructure, and 3) an overview of important cybersecurity risks and considerations for any CBDC."

A technical report on the Central Bank of Jordan's (CBJ's) retail central bank digital currency (CBDC) explorations briefly appeared on the IMF's web page.. It was taken down before I could download it, but AgenParl news service published the abstract: "The report analyzes the retail payments markets of Jordan to identify pain points that retail CBDC (rCBDC) could address. It finds that retail payment systems in Jordan are highly integrated, enabling customers to make interoperable transactions between banks and non-bank Payment Service Providers. The country's cross-border remittance market is competitive, but may benefit from the reduced transactions cost associated with rCBDC. Despite generally accessible and appropriate product offerings and an enabling environment, various barriers prevent customers from extensively using digital means of payment. Hence, rCBDC might create an opportunity to overcome these barriers, thus making a cross-border rCBDC worth consideration. However, the CBJ should rigorously evaluate benefits against risks and costs before forging ahead. Meanwhile, the CBJ should develop capacity to address technology, cybersecurity, financial integrity, and legal issues."

The International Monetary Fund (IMF) is recommending several phases and "extensive" pilot projects for the Bangko Sentral ng Pilipinas (BSP) wholesale central bank digital currency (CBDC) especially in cybersecurity issues, laws and regulations that will cover implementation. A wholesale CBDC is being considered in the Philippines as a possible means to enhance existing payment and settlement functions. While the BSP charter, amended in 2019, does allow for the issuance of wholesale CBDC, the regulatory framework "may need to be revisited to ensure governance and financial stability risks are addressed." https://www.imf.org/en/Publications/CR/Issues/2022/12/15/Philippines-2022-Article-IV-Consultation-Press-Release-and-Staff-Report-526983

The New York Department of Financial Services reached a $100 million settlement with Coinbase over issues regarding the company's compliance programs. Coinbase will be required to pay $50 million as a penalty and invest an additional $50 million to bolster its abilities to comply with financial regulations, such as transaction monitoring and know your customer (KYC) rules. The department said it found "significant failures" in Coinbase's compliance program that violated New York Banking Law and state regulations regarding virtual currencies, money transmitting, transaction monitoring, and cybersecurity.

The IMF published a paper that uses a comprehensive dataset to investigate the emergence and spread of fintech in a diverse panel of 98 countries over the period 2012-2020. This empirical analysis shows that financial factors-ranging from overall financial development to the prevalence of ATMs and commercial bank branches and the availability of credit registries tend to be associated with higher levels of fintech. Demographic forces including population growth, urbanization and a young population composition make a significant contribution to the development of fintech. In addition, the technological infrastructure-as measured by mobile phone and broadband internet subscriptions and the number of secure internet servers-is positively and decisively associated with faster-growing fintech, which tends to be more dependent on information and telecommunication technologies and also vulnerable to cybersecurity risks.

Circle will be launching the Circle Payments Network (CPN) to connect financial institutions to enable real-time settlement of cross-border payments using regulated stablecoins. CPN will require participants to meet strict eligibility standards, including licensing, AML/CFT compliance, financial risk management, and cybersecurity protocols. By leveraging USDC, EURC, and other regulated stablecoins, CPN will enable seamless connectivity to domestic real-time payment systems worldwide, while upholding the compliance, security, and trust required for financial institutions to meet their regulatory obligations. Powered by smart contract infrastructure and modular APIs, the network will enable third-party developers to build advanced modules, app services, and automated financial workflows directly on top of CPN.

The Journal of Cybersecurity published a paper that proposes a secure offline payment model utilizing a Trusted Platform Module (TPM) to enhance the security of digital currency transactions. Additionally, the monotonic counter, the basic component of the TPM, is integrated into this model to prevent double spending in a completely offline environment. The research presents a protocol model that combines these easily implementable technologies to facilitate the efficient processing of transactions entirely offline. However, it is crucial to acknowledge the security implications associated with the TPMs and near-field communications upon which this protocol relies.

Crypto agility describes the capabilities needed to replace and adapt cryptographic algorithms for protocols, applications, software, hardware, and infrastructures without interrupting the flow of a running system to achieve resiliency. This draft NIST Cybersecurity White Paper (CSWP) provides an in-depth survey of current approaches and considerations to achieving crypto agility. It discusses challenges, trade-offs, and some approaches to providing operational mechanisms for achieving crypto agility while maintaining interoperability. It also highlights some critical working areas that require additional discussion.