The cyber resilience challenge

International standard setters and national-level regulators are rightfully placing an emphasis on cybersecurity, cyber resilience, information and communications technologies (ICT) risks, and ICT third-party providers. Further, they are focused on what the role of banks and credit unions will be in preparing for cyber-attacks and what their regulatory requirements are going to be moving forward. We have seen the Basel Committee issue its Principles for Operational Resilience and Risk and its Principles for the Sound Management of Operational Risk. The European Union is considering its Digital Operational Resilience Act. Estimates from the European Union (EU) indicate that the costs of operational incidents in its financial sector are as high as a staggering EUR 27 billion per year.

Credit unions know that cyber risks pose an enormous challenge and that the actors perpetrating attacks often have unfair advantages: because they are either state-sponsored or state-supported, they have resources far beyond those of an individual credit union. Yet credit unions will do their level best to counter attacks through the use of technology or by pooling their resources to gain larger economies of scale to help address all the risks. Because of that unlevel playing field, not only is it incumbent on regulators to provide sufficient and proportional regulations, as well as flexibility for credit unions to be able to find these solutions, but governments and policy makers also need to focus on their own role in thwarting the bad actors. They need to work on their own communications framework, their cooperation among authorities to address incidents and bad actors, and their oversight of third-party providers. The burden cannot all be placed on credit unions, and certainly the regulations cannot be such that they inhibit credit unions from doing what they do best: serve their communities.

Basel Committee Focused on Cyber Resilience, Climate and Digitalization

In separate releases, the Basel Committee on Banking Supervision called for the following:

 
