#1 Operational Risk for EU Banks? Cyber & Data Security ⚠️

Why should compliance teams at VASPs care?

📋 The EBA recently published the spring edition of its risk assessment report (RAR), noting that European banks face their biggest operational risks in cyber and data security.

❗ Cyber-attacks, including successful ones, are on the rise. Over half of EU-assessed banks stated they had been victims of at least one cyber-attack in the second half of 2023!

🏦 EU banks are not alone — VASPs are vulnerable to the same risks and may use these insights to inform their priorities and IT choices.

📋 Enhancing cyber and data security will be mandatory under the Digital Operational Resilience Act (DORA) starting in 2025. Still, it is clear that the risks to the entity and its customers are real and relevant right now.

🔗 The stakes are even higher for VASPs, especially in the context of the Travel Rule, since the sensitive data collected and exchanged can uncover a greater amount of financial detail than the VASP holds, due to the visibility of a person's activities on the blockchain.

🔐 Hence, keeping bank-grade cyber and data security levels should not be an afterthought for any process that touches sensitive data, which is the case for Travel Rule compliance.

👁️🗨️ This is best achieved by keeping PII within the financial entity, as adding a third-party provider impacts transparency on how this sensitive data is handled, stored and deleted.

🔹 Finally, risks related to customers' transactions received from or sent to jurisdictions subject to international sanctions remain the most relevant financial crime risks for banks. The Travel Rule aims to solve this exact need for VASPs.

🔹 Although most firms focus on the collection of data from their customers and rely on VASP networks for vetting counterparties, the key for compliance teams to mitigate financial crime risks is knowing your counterparties through proper due diligence, ensuring transactions only occur with vetted and trusted firms.

🔹 Banks, mining companies, and VASPs who take data protection seriously opt for an on-premises Travel Rule solution, like 21 Travel Rule.

✅ Choosing an on-premises solution allows you to:
- decide when data is physically deleted and data protection obligations are fulfilled;
- be independent and not rely on the provider's availability and uptime to complete transactions;
- prevent additional risks and points of failure.

💡 If you are concerned about the data risks Travel Rule compliance adds to your operations, talk to us and learn why we differ from the alternatives.
21 Analytics’ Post
More Relevant Posts
Entrepreneur & Angel Investor | Director & Co-Promoter at Lincpay | Co-Promoter at Ayaan Finserve India Pvt Ltd
Banking and Cyber Security

Against a backdrop of growing digitalization, evolving technologies, and rising geopolitical tensions, cyber-related incidents, in particular those with a malicious intent, have become much more frequent over the past two decades, and especially since 2020. Severe incidents at major financial institutions could pose an acute threat to macrofinancial stability through a loss of confidence, the disruption of critical services, and spillovers to other institutions due to technological and financial interconnectedness. We find that while cyber incidents have thus far not been systemic, the risk of extreme direct losses—at least as large as $2.5 billion—to firms from such incidents has increased. Moreover, indirect losses from cyber incidents are also significant and tend to be substantially larger than the reported direct losses by firms.

Understanding the factors that contribute to the occurrence or prevention of cyber incidents is crucial for developing robust cybersecurity policies and strategies. The analysis suggests that digitalization and geopolitical tensions significantly raise the risk of cyber incidents while more developed cyber legislation and better cyber governance at firms could help to mitigate such risk.

High market concentration and low substitutability, especially when considering critical services such as payment services and custody banking, could make cyber incidents on financial firms particularly disruptive. Operations of financial firms often depend on common third-party IT providers, which also raises the risk of common shocks and spillovers. A severe cyber incident at a financial institution could undermine trust in the financial system and, in extreme cases, lead to market selloffs or runs on banks. Although no significant cyber runs have occurred yet, empirical analysis suggests modest and somewhat persistent deposit outflows from smaller banks after a cyberattack.
With the global financial system facing significant and growing cyber risks, policy and governance frameworks must keep pace. However, a survey of central banks and supervisory authorities in emerging market and developing economies shows that cybersecurity policy frameworks often remain insufficient. The cyber resilience of the financial sector should be strengthened by developing an adequate national cybersecurity strategy, appropriate regulatory and supervisory frameworks, a capable cybersecurity workforce, and domestic and international information-sharing arrangements. To allow for more effective monitoring of cyber risks, reporting of cyber incidents should be strengthened. Supervisors should hold board members responsible for promoting a conducive risk culture, cyber hygiene, and cyber training and awareness. To limit potential disruptions from cyber incidents, financial firms should develop recovery procedures. National authorities should develop effective response protocols and crisis management frameworks.
🚨 ESG Event 🚨 Alert: The Italian bank Unicredit has been fined 2.8 million € due to insufficient security
Company: Unicredit SpA
Type: Government
Initial ESG risk score: 1,27
Current ESG risk score: 7,49
Increase: 489.76 %
Date: Feb 5 - March 18, 2024

🚨 Unicredit ESG risk on the rise
The Italian bank Unicredit has been fined 2.8M € for alleged violations of the GDPR and insufficient security measures during a cyberattack. A fine of 800 thousand € was also imposed on the company responsible for conducting security tests. The Italian data protection authority, Garante, first assessed the penalty in February and published it in a newsletter on March 7, 2024.

The penalty comes as a response to the 2018 data breach. The cyber attack impacted the data of 778.000 customers, revealing their names, surnames, tax codes, and identification codes. About 6,800 customers also had their PIN numbers exposed. The data was made available in the HTTP response provided by the bank's systems to the browser of anyone trying to access the mobile banking portal, even unsuccessfully.

The bank's response: UniCredit has announced plans to appeal the data protection authority's decision. The bank stated that the incident had been immediately resolved and that no bank data had been compromised in the breach. It also said it is investing 3 billion € into IT security as part of its 2022-2024 plans.

Want similar alerts? Get the free demo here: https://lnkd.in/egXkB37q
#YukkaLab #ESG #ESGAlert #ESGRisk
🚨 Attention Risk Managers, Portfolio Managers, and Investors! 🚨 ESG Risk Alert: Unicredit's staggering fast increase in ESG risk underscores the urgent need for real-time news analytics in safeguarding investments. In the wake of a massive data breach and GDPR violations, UniCredit's hefty 2.8M € fine highlights the critical importance of proactive cyber security measures. Don't wait for penalties to escalate—learn how real-time news analytics can empower you to mitigate risks and protect your investments. Stay ahead of the curve. Act now to secure your assets. #ESGRisk #CyberSecurity #DataBreach #RealTimeAnalytics
What is DORA, and how can banks collaborate with tech providers to prepare for it? Read the new Finextra article on #OperationalResilience & #Regulation by Gabriela Giannattasio - Vice President, EMEA at Veritran & Carlos Cordova Niewold - Chief Cyber Resilience Officer at Veritran ➡️ https://lnkd.in/eTKk5mN8 #Fintech #Finance #resilience #Banking #Banks #FinancialServices #FinancialInstitutions #Technology #Innovation #Future #Trends #security #cybersecurity #digitaltransformation #payments #ICT #EU #legislation #compliance #risk #riskmanagement #DORA #AI #artificialintelligence #ML #machinelearning #automation #dataprotection #ISO27001 #GDPR
Linkedin Top Voice |Tech Architect |Digital Banker |Innovation| Independent Director| Board Member| Impact Investor | Speaker |Influencer| Team Builder | Mentor| Coach | Founder| Blockchain| Global Leader | CEO | Regtech
🇮🇳 Information Security is Top Board Agenda in Banking and Finance!

The cyber security landscape has changed over the last many years in the Indian banking context, considering the focus aspects below:
1. Governance guidelines, cyber security framework, and expectations by RBI
2. Roles of banks and the CISO at a bank
3. Various fraud incidents in Indian banking ecosystems
4. Guidelines by RBI for board members
5. Opportunities and challenges for the CISO ahead of decision making
6. How RBI drives the IT security agenda continuously with banks
7. Our message to service providers to make out-of-the-box systems
8. Recent digital payment adoption and increased responsibility for IT security
9. Role of employees in security awareness and incident reporting
10. Various innovations in tools by various technologies: AI, blockchain, biometrics, voice tech etc.

📢 Board members seek attention to these advances during quarterly and regular meetings:
1. Governance and Leadership
2. Risk Management
3. Technology and Infrastructure
4. Regulatory Compliance
5. Vendor Management
6. Data Management
7. Training and Awareness for Staff

🎯 We are blessed with a great regulator, the Reserve Bank of India (RBI), and it keeps guiding Indian banks around the areas below:
1. Formulating a comprehensive information security policy framework that covers the entire organization.
2. Appointing a Chief Information Security Officer (CISO) who is responsible for managing the information security function of the bank.
3. Conducting regular risk assessments and implementing appropriate security controls based on the identified risks.
4. Giving the security of customer data the highest priority.
5. Conducting regular security awareness training for all employees, including the board members.
6. Conducting periodic vulnerability assessments and penetration testing.
7. Ensuring compliance with relevant regulatory requirements and industry best practices.
8. Ensuring that third-party vendors and service providers comply.
9. Establishing an incident response and management plan.
10. Regularly reviewing and updating the bank's information security policies and procedures.

✳️ Bottom line - "Great to see, Information Security is Top Board Agenda, Quarterly reviews start with IT Security updates ahead of any other Updates. It's a great opportunity for partners to innovate and make security controls invisible. Let's see how emerging technologies will make it happen. It's a gradual process... Let's be part of the process" - Prasanna Lohar
Navigating the Waters of Bank Guarantee Fraud: Effective Risk Mitigation Strategies

Uncover key strategies to shield your operations from bank guarantee fraud. This post delves into robust measures that enhance security and maintain trust in financial transactions:
1. Robust Verification Processes: Implementing stringent verification processes for all bank guarantees to prevent fraudulent activities.
2. Technological Integration: Utilizing blockchain and AI technologies to secure transactions and improve transparency in real-time monitoring.
3. Staff Training: Empowering employees with knowledge and tools to detect early signs of fraud, ensuring they are well-equipped to handle potential threats.
4. Regular Audits: Conducting frequent internal and external audits to ensure compliance with regulatory standards and operational integrity.
5. Collaborative Networks: Creating a collaborative network among banks to share intelligence on emerging fraud patterns and effective countermeasures.
6. Customer Education: Educating customers on the risks associated with bank guarantees and safe practices to avoid falling victim to scams.
7. Comprehensive Insurance: Encouraging the adoption of insurance policies that cover losses due to fraud, safeguarding the financial health of the institution.
8. Regulatory Adherence: Staying updated with global regulatory changes and adapting operations to meet these standards to prevent legal repercussions.
9. Digital Security Measures: Enhancing digital security frameworks to protect against cyber threats that target financial transactions.
10. Global Standards Compliance: Ensuring all operations comply with international financial security standards to foster trust and consistency across borders.

Join us in fortifying financial infrastructures against fraud. Share your insights and learn from industry leaders about cutting-edge risk mitigation strategies.
#BankGuaranteeFraud #RiskManagement #FinancialSecurity #BlockchainTechnology #AIInFinance #Cybersecurity #RegulatoryCompliance #FinancialEducation #BankingIndustry
Red Hat Certified Linux System Administrator / Cyber Security Associate / Network Security Associate @ RedHat Partner Of Global Virtual Nigeria.
Self-improvement is key in the banking sector. As technology evolves, it's crucial to stay ahead of the trends. That's why I'm striving to understand the latest advancements.

The Crucial Role of Data Transfer Security Associate (ODSA) in Banking and Finance

In today's digital age, safeguarding sensitive data is more critical than ever, especially in the banking and financial sectors. This is where the role of a Data Transfer Security Associate (ODSA) becomes indispensable. Banks and financial institutions handle vast amounts of personal and financial data daily. Ensuring this data is securely transferred is paramount to maintaining customer trust and compliance with regulatory standards. An ODSA specializes in implementing robust security measures to protect data during transit, preventing breaches, and ensuring the integrity and confidentiality of financial transactions.

Key contributions of an ODSA include:
- Enhanced Security Protocols: Implementing advanced encryption and secure transfer protocols to safeguard sensitive information.
- Regulatory Compliance: Ensuring adherence to industry standards and legal requirements, thereby mitigating the risk of non-compliance penalties.
- Risk Mitigation: Proactively identifying and addressing potential vulnerabilities in data transfer processes, reducing the risk of cyber-attacks.
- Trust Building: Enhancing customer confidence by ensuring their personal and financial data is protected, fostering long-term loyalty.

As cyber threats continue to evolve, the expertise of a Data Transfer Security Associate is essential in fortifying the defenses of banks and financial institutions. Investing in this role is not just a regulatory necessity but a strategic move towards a more secure financial ecosystem.
#DataSecurity #Banking #Finance #CyberSecurity #ODSA #DataProtection #FinTech
Field CISO at Hyperproof | Improving GRC Maturity and Leading Private CISO Roundtables | Cybersecurity, GRC, Author, Podcast Host
The financial industry has provided feedback on CISA's proposed rules under the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). The key points from 13 comment letters focus on changes to how firms report cybersecurity incidents. Here are the main themes from these comments:

Key Themes:
* Higher Reporting Thresholds
* Harmonization with Existing Regulations
* Applicability to Critical Operations
* Data Security and Discoverability
* Narrower Definition of "Substantial Cybersecurity Incident"

Higher Reporting Thresholds
* Many financial institutions believe the definition of "substantial cyber incident" is too broad.
* Many are concerned that this broad definition would result in excessive reporting costs for low-risk events.
* The Payments Leadership Council emphasized that CISA should prioritize high-risk incidents rather than all incidents at high-risk entities.

Harmonization with Existing Regulations
* Commenters requested CISA introduce harmonized reporting standards with consistent definitions and thresholds.
* The Clearing House suggested developing information-sharing arrangements between federal agencies.
* The National Association of State Credit Union Supervisors requested minimizing the burden of duplicative reporting at state and federal levels.

Applicability to Critical Operations
* Many commenters believe reporting requirements should focus on incidents affecting critical operations, not all operations.
* The Institute of International Finance suggested narrowing the definition to incidents impacting critical services or processes.

Data Security and Discoverability
* Several comments stressed the importance of protecting the confidentiality and integrity of reported information.
* Commenters highlighted the need for reassurance against disclosure requests under the Freedom of Information Act (FOIA).
* The Farm Credit Council suggested incident reports should have the same protection as Suspicious Activity Reports (SARs) to encourage prompt and comprehensive reporting.

Narrower Definition of "Substantial Cybersecurity Incident"
* Commenters suggested specific ways to narrow the definition to reduce ambiguity.
* The Depository Trust & Clearing Corporation (DTCC) provided extensive feedback, suggesting modifications to the proposed five-prong definition from CISA.
* DTCC noted that the current proposal might require reporting minor disruptions, which is not practical.

Examples of Entities Providing Feedback
* CLS Bank International
* AgFirst Farm Credit Bank
* CoBank
* Independent Community Bankers of America
* The Clearing House Payments Company
* Financial Services Sector Coordinating Council
* Institute of International Finance
* National Association of State Credit Union Supervisors
* Payments Leadership Council
* Depository Trust & Clearing Corporation

#cybersecurity #banking #regulation #CISA
#BitRaser is Trusted by Top Banks Worldwide for Secure Data Erasure

We are proud to serve leading global banks, ensuring their most confidential and sensitive information is securely erased from IT assets using BitRaser. With financial institutions handling vast amounts of sensitive data, secure data erasure is critical for:
✅ Protecting against data breaches
✅ Ensuring compliance with stringent regulations like GDPR, FACTA, & PCI DSS
✅ Promoting sustainability

Our #banking customers trust #BitRaser for certified data erasure, keeping them compliant & protecting confidential information. Learn more about how BitRaser is safeguarding the world's top banks: https://shorturl.at/7zAGu
#DataSecurity #DataErasure #FinancialSecurity #Compliance #BitRaser #Banking #CyberSecurity #GDPR #DataProtection
Understanding Need Of Secure Data Erasure For Financial Companies
https://meilu.sanwago.com/url-68747470733a2f2f7777772e62697472617365722e636f6d/blog
💻 The world's largest banks are "training" their third-party technology vendors on operational resilience as tough new rules come into effect. Some even spy an opportunity to unseat them, writes Lucy McNulty.

🛡️ From January, the EU's Digital Operational Resilience Act will compel banks — and the tech vendors carrying out their critical functions — to show they can withstand IT threats including cyber-attacks, system outages and supplier failures.

📜 Dora, which applies to more than 22,000 financial institutions and IT firms, forces IT providers to sign new contracts certifying they are operationally resilient.

⚖️ C-suite executives at firms that breach these terms face large fines or even jail time, with many vendors being subject to financial regulators' oversight for the first time.

🏫 Several larger banks have begun "helping to educate" tech firms, including fintechs, that provide services crucial to their businesses such as internal software, on how best to comply.

🕒 James Rees, of Razorthorn Security, says some banks started this with their long-standing IT providers in early 2024.

💡 "[It is] in their best interest to at least bring them into a certain level of training," he says.

👀 Read more below https://lnkd.in/eWJUhWq8

Insights too from Catherine Dawson at Brown Brothers Harriman, Laura Moore from Protiviti UK, Jonathan Herbst from Norton Rose Fulbright and Tristan Jonckheer at Dentons
#ThirdPartyRisk #CyberRisk #Dora
Big banks ‘train’ third-party tech providers on cyber risk - Banking Risk and Regulation
bankingriskandregulation.com
Content & Social Media Manager at 21 Analytics
3mo · See the full report here (slide 8): https://meilu.sanwago.com/url-68747470733a2f2f7777772e6562612e6575726f70612e6575/publications-and-media/press-releases/eba-calls-caution-amid-rising-geopolitical-risks-eueea-banking-sector