The rapidly emerging risks from digital attacks on banks mean that we must pay more attention to cybersecurity: it holds the key to financial stability in the next decades
The global financial crisis – and particularly Europe’s banking crisis – gave us the term ‘Too Big to Fail’. It taught us that a failure at a big bank can bring down a country’s economy with it.
In the wake of the crash, regulators said ‘never again’. They set to work strengthening the financial safeguards at banks – raising their liquidity buffers and their capital cushions.
The fine tuning on those regulations continues. But now it is time for everyone to turn their attention to the biggest threat to financial stability that we face today: cybersecurity.
Banks must put as much effort into digital security today as they have put into traditional financial stability – capital and liquidity – previously. That’s not just to keep the money safe. Advanced cyber attacks stop banks providing their normal customer service – processing payrolls for clients, for example. And they make a big dent in public confidence.
Mexico and Chile recently had a taste of the disruption that can be caused by digital attacks. In Mexico, attackers targeted the connection point between banks and the central payments system. It held up payments processing for weeks and shook confidence in the country’s biggest banks – as well as leaving them some USD 15 million out of pocket.
Banco de Chile experienced similar repercussions. Customers struggled to do their banking in branch or over the phone, the bank’s reputation has taken a hit, and it is trying to recover the USD 10 million that was stolen.
The attacks were sophisticated: attackers spent months finding ways into the system and waiting patiently to exploit the vulnerabilities they had found.
As iupana reports, there was another fundamental impact of the attacks: to show that no region is off-limits to sophisticated global crime of this nature. Banks in Latin America and the Caribbean may have thought they were immune to such attacks. It’s now clear they are a target.
So, what now? Banks must put cybersecurity front and center of all decisions. Some banks for example still don’t demand that third party tech providers comply with the latest cybersecurity protocols such as ISO 27001, according to the head of a major technology outsourcing company to Latin American banks. Start making it a requirement.
There’s also a big role for regulators here, too. They must get up to speed with this issue, and quickly: Study best practices globally, and move fast to implement it locally.
Cyber defenses are urgent, and important. Financial stability in the next decades will depend on how digitally secure we can make our banks.
Are the days for huge Brazilian bank spreads numbered?
OPINION: How to trace development financing more effectively
OPINION: The hype is out of control – but blockchain offers some concrete, serious opportunities for Brazil
OPINION: Miguel Arce, the commercial director of PDP, reflects on the electronic money project in Peru
OPINION: Interoperability is key for digital payments systems, argues the architect of Ecuador’s mobile money project
Should tech companies be regulated by financial authorities?
No: Any financial services they offer are minor ancilliary business
Maybe: If they seek a banking license
Yes: Any company offering credit or payments should be monitored by financial regulators