Email: Password:
Forgot Password

News Archive

Back to List Back to list
Previous Article Next Article

Cyber security regulations not needed

20 Jul 2017

The Reserve Bank says there are enough incentives for financial institutions to protect themselves from cyber attacks, there's no need for it to introduce cyber security regulations

Reserve Bank outlines stance on cyber issues:

Firms in the finance sector, regulators, and other authorities all have a part to play in managing cyber security risks while still benefiting from the opportunities of new financial technology.

“The dynamic cyber environment means organisations have to be nimble in their approach to cyber security - focused on outcomes, rather than prescriptive compliance exercises,” Reserve Bank Head of Prudential Supervision, Toby Fiennes, said in a speech delivered today to the Future of Financial Services conference, in Auckland.

He said that cyber-attack poses a significant threat to the global financial system, as shown by the ‘WannaCry’ ransom-ware attack that affected more than 200,000 systems around the world and the more recent ‘Notpetya’ attack.

“The nature and incidence of cyber risk is unique, meaning that typical approaches to risk management and disaster recovery planning may not be appropriate. While cyber vulnerabilities can be mitigated, the potential sources of cyber threats and the attack footprint are just too broad, so they can never be eliminated,” Mr Fiennes said.

The Reserve Bank had thought about whether to introduce more prescriptive requirements but decided not to at this stage.

“We doubt that prescriptive regulations would appreciably improve the outcome, when the technology and threat landscape are both changing so rapidly. We will, however, review this policy stance from time-to-time to ensure that it remains appropriate,” Mr Fiennes said.

“The Reserve Bank is closely watching the emerging wave of ‘digital disruption’ affecting the financial sector as firms react to customer demand for a more online experience. In the short term, digital disruption may result in new risks and increased instability in the financial system but in the long term, digital disruption of the banking sector may improve the efficiency of the financial system. The long-term impact on financial system soundness is less clear.

“We’re working with other agencies, such as the FMA and Ministry of Business, Innovation and Employment, to ensure that New Zealand presents an environment where digital financial innovation can flourish, provided it is done safely. In our view, New Zealand’s financial market regulatory settings support innovation and industry-based solutions and we see no need to actively steer potential solutions from industry by providing a concessionary environment for new entrants.

“As the prudential regulator, we’re looking at whether financial institutions appear to be taking cyber risks sufficiently seriously. We look to self-discipline and market discipline to provide the defences, agility and crisis preparedness that are required,” Mr Fiennes said. 

Previous Article Next Article

 

Professional IQ

Professional IQ College

Workshops, Online courses, webinars and Qualifications. For upcoming events         click here


Latest Papers:

Closing the Gap - Insuring your business against evolving cyber threats

iNavigator iNavigator Media Center
Provides access to a wide range of industry related media resources


Covernote Cover Note
IBANZ quarterly magazine for the latest on the intermediated insurance market.


Gary's Blog Gary's Blog
Comment on current issues.




© Copyright IBANZ, all rights reserved. Private information collected for this website is governed by our Privacy Policy. Read our Terms & Conditions
Powered by streamSWEET CMS