Emerging Prudential Approaches to Enhance Banks’ Cyber Resilience

The Palgrave Handbook of FinTech and Blockchain

Abstract

Cyber incidents can pose a significant threat to the stability not only of the financial system but also of the global economy. Within the financial sector, banks typically have the most public-facing products and services and could be used as entry points for attacks targeting other parts of the financial system. Strengthening cyber resilience is therefore a key area of attention for banking regulators and supervisors. Regulatory expectations on cybersecurity, which can either be embedded into risk management regulations or established as separate cyber resilience regulations, focus on identification, protection, detection, response and recovery capabilities of banks. In terms of supervision, most supervisors are assessing cybersecurity as part of their ongoing risk-based supervisory activities, while others are complementing these with thematic or specialised supervisory reviews. Regulatory expectations generally inform supervisory reviews but in certain cases, such as in testing cyber resilience, supervisors use specific frameworks or tools.

This paper is an updated version of FSI Insights No 2: “Regulatory approaches to enhance banks’ cyber-security frameworks” by the same authors.

References

  • Accenture and Ponemon Institute. 2019. “The Cost of Cybercrime: Ninth Annual Cost of Cybercrime Study.” March.

  • Bank of England. 2013. “CBEST Framework.” June.

  • Basel Committee on Banking Supervision. 2018. “Cyber-Resilience: Range of Practices.” December.

  • Castro Carvalho, Ana Paula, Stefan Hohl, Roland Raskopf and Sabrina Ruhnau. 2017. “Proportionality in Banking Regulation: A Cross-Country Comparison.” FSI Insights No 1. August.

  • Center for Cyber Safety and Education and International Information System Security Certification Consortium. 2017. “Global Information Security Workforce Study, US Federal Government Results.” May.

  • Center for Internet Security. “The 20 CIS Controls & Resources.” Accessed on 22 August 2020.

  • Committee on Payments and Market Infrastructures and International Organization of Securities Commissions. 2016. “Guidance on Cyber resilience for Financial Market Infrastructures.” June.

  • Crisanto, Juan Carlos and Jermy Prenio. 2017. “Regulatory Approaches to Enhance Banks’ Cybersecurity Frameworks.” FSI Insights No 2. August.

  • ———. 2020. “Financial Crime in Times of Covid-19 – AML and Cyber Resilience Measures.” FSI Briefs No 7. May.

  • Deloitte. 2019. “Global Risk Management Survey, 11th Edition.” January 23.

  • Department of Financial Services of New York State. 2017. “Cybersecurity Requirements for Financial Services Companies.”

  • Financial Stability Board. 2017. “Financial Stability Implications from Fintech: Supervisory and Regulatory Issues that Merit Authorities’ Attention.” June 27.

  • ———. 2018. “Cyber Lexicon.” November 12.

  • ———. 2020. “Effective Practices for Cyber Incident Response and Recovery, Consultative Document.” April 20.

  • Gracie, Andrew. 2014. “Managing Cyber-Risk – The Global Banking Perspective.” June 10.

  • Group of 7. 2016. “Fundamental Elements of Cybersecurity for the Financial Sector.” May.

  • ———. 2017. “Fundamental Elements for Effective Assessment of Cybersecurity in the Financial Sector.” May.

  • ———. 2018a. “Fundamental Elements for Third Party Cyber Risk Management.” October.

  • ———. 2018b. “Fundamental Elements for Threat Led Penetration Testing.” October.

  • Hong Kong Monetary Authority. 2016. “Cybersecurity Fortification Initiative.” May.

  • International Association of Insurance Supervisors. 2018. “Application Paper on Supervision of Insurer Cybersecurity.” November 7.

  • International Organization for Standardization. 2018. “ISO 31000: Risk Management.”

  • ———. 2019. “ISO 22301: Security and Resilience — Business Continuity Management Systems.”

  • International Organization for Standardization and International Electrotechnical Commission. 2018. “ISO/IEC 27000: Information Technology — Security Techniques — Information Security Management Systems.”

  • International Organization of Securities Commissions. 2019. “Cyber Task Force Final Report.” June.

  • ISACA. 2019. “COBIT 2019 Framework: Introduction and Methodology.”

  • McAfee. 2018. “The Economic Impact of Cybercrime – No Slowing Down.” February.

  • Mee, Paul and James Morgan. 2017. “Deploying a Cyber Risk Strategy: Five Key Moves Beyond Regulatory Compliance.” Oliver Wyman.

  • National Institute of Standards and Technology. 2018. “Cybersecurity Framework Version 1.1.” April.

  • Prenio, Jermy, Jeffery Yong and Raymond Kleijmeer. 2019. “Varying Shades of Red: How Red Team Testing Frameworks Can Enhance the Cyber Resilience of Financial Institutions.” FSI Insights No 21. November.

  • SWIFT. “Customer Security Programme (CSP).” Accessed on 20 August 2020.

  • US Government Accountability Office. 2015. “Cybersecurity, Bank and Other Depository Regulators Need Better Data Analytics and Depository Institutions Want More Usable Threat Information.” Report to Congressional Requesters. July.

  • Wilson, Christopher, Tamas Gaidosch, Frank Adelmann and Anastasiia Morozova. 2019. “Cybersecurity Risk Supervision.” IMF Monetary and Capital Markets Department Paper No 19/15. September.

Correspondence to Jermy Prenio.

Copyright information

© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this chapter

Crisanto, J.C., Prenio, J. (2021). Emerging Prudential Approaches to Enhance Banks’ Cyber Resilience. In: Pompella, M., Matousek, R. (eds) The Palgrave Handbook of FinTech and Blockchain. Palgrave Macmillan, Cham. https://doi.org/10.1007/978-3-030-66433-6_13
