Cybersecurity for financial services / iStock

COVID-19 highlights need for cybersecurity frameworks

Financial institutions must put into place comprehensive and up-to-date guidelines on how to effectively and securely manage technology, speakers told AFI members during member training on 3 June. This was especially important as high number of staff working from home was exposing loopholes in existing cybersecurity frameworks.

Delivering a presentation at the 5th Experts Group on Financial Inclusion Policy (EGFIP) Meeting, Central Bank of Armenia (CBA) Deputy Head of Internal Audit Komitas Stepanyan said that with responses to the COVID-19 outbreak changing how societies function, the speed of such developments had exposed cyber risks among institutions lacking basic security controls, such as virtual private networks (commonly known as VPNs).

Directing his comments at financial regulators, Stepanyan explained that “we need to implement controls on how to securely provide services to our employees, but lots of companies do not have these technologies, such as FinTechs … some are not prepared for this COVID-19 era”.

Citing Google data, Stepanyan noted a 250 percent rise in the number of phishing attacks across the globe to around 520,000 in March compared with less than 150,000 in January.

This, he added, highlighted the need for central banks and other financial regulators to assess the cybersecurity risks of their institutions. Given the uncertain nature of the ongoing crisis, he added that they must also look closely at any existing or upcoming regulatory guidance and make necessary changes to maintain compliance with relevant laws and regulations.

Stepanyan emphasized that efforts to tackle cyber threats must not be taken in isolation, saying that “sharing information is key because cybersecurity is not related to one company or one bank”. 
“If we can find a proper way to securely share information than we can really make some strong barriers that deal with cyber criminals,” he said.

CBA co-hosted the virtual event, which saw expert staff from seven countries represented in AFI’s Eastern Europe & Central Asia Policy Initiative (ECAPI) attend the network’s first virtual regional initiative capacity building event on digital financial literacy. 

Advocating the teaching of digital financial skills from an early age was Bank of Finland Senior Adviser Anu Raijas, who noted its long-term benefits in building wider understanding of related risks and rewards, as well as develop trust in the system and with service providers.

“Digital financial literacy skills are a necessity. People must have a basic knowledge of cybersecurity and data protection security,” she added.

Sharing examples from Finland, Raijas said that efforts to enhance digital financial literacy were not without their challenges, explaining that consumers were often overwhelmed by concepts such as virtual money and hidden charges, as well as the fast development of FinTech products.

She added that while private and public sector actors were already closely collaborating to promote financial literacy across the country, there needed to be greater focus on women, explaining that a significant number were living alone and, therefore, needed knowledge on how to manage their finances.

Also emphasizing the importance of partnerships between multiple stakeholders was the European Central Bank’s Klaus Lober, head of oversight, who noted that innovation in digital products and services was also giving rise to new sectoral risks.

“The key issue is the evolving nature [of the threats]. You never reached the state where you can lean back, relax and say that you have done your job. You need to be on the spot constantly to see what else needs to be done to respond to changes in the cyber ecosystem,” he said, adding that third party and outsourcing firms provided “entry points for risks”.

While cybersecurity is an ever-changing challenge, Lober noted how interest in the topic was seen at the highest levels with the ECB having a cyber resilience board, headed by ECB leaders. AFI’s Senior Policy Manager for Digital Financial Services Ghiyazuddin Mohammad, who moderated the final session of the day, said this was an area that AFI network members could potentially explore.

Mohammad also encouraged members to read AFI’s recent publications on Cybersecurity for Financial Inclusion: Framework and Risk Guide, which outlines seven key principles for cybersecurity aimed at financial inclusion initiatives.

Bank of Finland and the ECB were among non-AFI members taking part in the event, a move in-line with efforts to enhance collaboration with developed market economies to further the knowledge of network institutions.

AFI’s Kennedy Komba, director of strategy and financial inclusion policy, added his support for the initiative at the regional and global level, saying that “the interconnectedness of the world necessitates cooperation and collaboration between developing and developed country regulators … a shock from one sphere of the globe will have an impact in others”. 

The event builds on AFI’s Sochi Accord on FinTech for financial inclusion, which aims to enhance collaboration between developing and develop economy regulators. It also responds to the so-called Global FinTech Dialogue, co-hosted by the Czech National Bank and AFI in September 2019, which prompted calls to conduct workshops on digital financial literacy to gather experiences from both developing and developed market economies.