Boosting cybersecurity at Asia’s banks
Cyber security risks are rising for Asia’s banks, who are responding by investing more in the necessary skills and expertise to combat the threat.
The cyber security threat is a global one and Asian banks are not operating in isolation, but there are some particular regional factors at work.
One of the most cited cases was Standard Chartered, which was hauled up after details of nearly 650 private wealth clients were compromised.
"Globally, financial institutions have been facing an increasing number and variety of cyber threats," the Monetary Authority of Singapore (MAS) said in its response.
"MAS takes a serious view of such threats and has stringent requirements in place for financial institutions to protect the security of their IT systems and confidentiality of their client data."
There is another area of concern. As we are seeing elsewhere with the financial sector, the focus is increasingly turning to third-party vendors as much as the institutions themselves. It was an issue raised recently by New York’s financial regulator in a speech about cyber risks facing banks and Asian regulators are also interested.
MAS launched a consultation last year on third-party access and has proposed a minimum standard for outsourcing.
The Singaporean regulator said financial institutions “are expected to continue to deepen their technology risk management capabilities and be ready to handle IT security incidents and system failures”.
One particular problem for Asian banks is skills. According to the efinancialcareers website, recruiters said there was a big shortage of skilled IT staff able to help banks in Singapore. One survey said 93 per cent of financial services firms were looking to hire security personnel. In addition, banks have lately been hobbled by Singapore’s Fair Consideration Framework, new rules that encourage employers to take on local workers.
Singapore may be the biggest financial centre in Asia, but it’s not the only story in a complex regulatory environment. New rules require tech firms supplying banks in China to provide the government with secret source code, build backdoors and submit to audits in a bid to shore up cyber security. Hong Kong has also tightened data rules for banks recently.
Cyber security is clearly a problem for banks; they need to protect client and corporate data. But the regulators are presenting new challenges of their own by imposing new and varying requirements on what is expected of Asia’s banks.
In a sense we can view cyber risks as threefold. First the threat itself, such as the loss of data and what that could entail fines/reputation damage. Second, third party vendors and outsourcing. Third, the regulation crunch which means banks have to push harder to improve systems, which adds costs.
The first two risks are global, in that they're the same for banks wherever they're located. Regulation, however, is another variable as different markets and authorities impose their own rules and structures. The challenge for Asia's banks is navigating the choppy regulatory waters across the region's markets.