sb-nz logo
Story image

Reserve Bank keeps watchful eye on security; steers away from prescriptive rules

24 Jul 2017

The Reserve Bank is letting the finance sector, regulators and other authorities steer their own course through cyber issues and security, opting to leave the prescriptive approach on the backburner.

Last week Reserve Bank Head of Prudential Supervision Toby Fiennes spoke at the Future of Financial Services conference in Auckland. He said that cybersecurity approaches must be nimble and focused on outcomes – rather than a prescriptive compliance approach.

He also said that risk management and disaster recovery are not part of a one-size-fits-all approach.

“The nature and incidence of cyber risk is unique, meaning that typical approaches to risk management and disaster recovery planning may not be appropriate. While cyber vulnerabilities can be mitigated, the potential sources of cyber threats and the attack footprint are just too broad, so they can never be eliminated,” he explained.

He said that given the rapid changes in both the cyber threat world and the technology used to defend them, the Reserve Bank has chosen not impose prescriptive regulations, opting instead to review the policy stance ‘from time to time’.

Fiennes added that the Reserve Bank focuses on mitigating systemic risks such as cyberattacks on financial institutions that lead to a loss of confidence in the financial sector; an attack that disrupts critical banking, financial and economic functions; and an attack that could lead to the ‘outright failure’ of a large firm that could have wider systemic impacts.

The Reserve Bank has been hot on the heels of the effect generated by digital disruption in the financial sector, driven by customers’ demand for an online experience.

“In the short term, digital disruption may result in new risks and increased instability in the financial system but in the long term, digital disruption of the banking sector may improve the efficiency of the financial system. The long-term impact on financial system soundness is less clear,” he explained.

The Reserve Bank is working along the Financial Markets Authority and the Ministry of Business, Innovation and Employment to make sure digital innovation is conducted in a safe way, he explains.

He also points out that while the Reserve Bank is separate from other security agencies such as CERT NZ, New Zealand’s Cyber Security Strategy links to the Bank’s financial stability objective through resilience.

The Reserve Bank is also undergoing reviews of its capability and maturity of its security practices, Fiennes said. Those reviews include cyber-resilience self-assessments, reviews of key information assets, critical functions, threat exposures, vulnerabilities and appropriate mitigants.

 “As the prudential regulator, we’re looking at whether financial institutions appear to be taking cyber risks sufficiently seriously. We look to self-discipline and market discipline to provide the defences, agility and crisis preparedness that are required,” he concluded.

Read his full speech here.

Download image
How to make authentication as painless as possible
Multi-factor authentication seems to be the standard in top-end security authentication systems. But even MFA has its drawbacks. Find out how RSA SecurID provides the best authentication out there. More
Story image
Google Chrome postpones changing cookie policy in wake of COVID-19
Google Chrome says it began enforcing secure-by-default handling of third-party cookies with its release of the Chrome 80 update in February. But now the work has been postponed due COVID-19.More
Story image
ForgeRock appoints new execs to lead IAM growth
“Identity and Access Management is foundational to a modern security architecture especially now as we are experiencing a paradigm shift towards Zero Trust."More
Story image
Forcepoint unveils impressive channel recruits across APAC and ANZ
Cybersecurity firm Forcepoint has named four new key appointments to its leadership team as it looks to strengthen its channel, strategy and sales lineup across the Asia Pacific and Australian New Zealand regions.More
Story image
Kaspersky announces update to Microsoft Office 365 security solution as COVID-19 threats emerge
The upgrade introduces enhanced anti-phishing capabilities with a dedicated anti-spoofing feature, as well as bolstered protection within Microsoft Teams.More
Story image
Interview: ManageEngine's VP says legacy remote solutions aren't cutting it
Techday spoke with ManageEngine vice president Rajesh Ganesan on the company’s solutions to the rapid changes and issues facing workforces around the globe as millions upon millions pack up their offices and work from home.More