November 27, 2017

FSI-CEMLA Policy Implementation Meeting on Cybersecurity

CEMLA in partnership with the Financial Stability Institute (FSI) of the Bank for International Settlements (BIS) organized the Policy Implementation Meeting on Cybersecurity under the auspices of the Banco Central de la Republica Argentina in Buenos Aires, Argentina on November 8 and 9, 2017.

The Policy Implementation Meetings are aimed at exploring central banking practices and policies connected with developments of the international financial agenda that are key to achieve sound financial systems and deserving of priority implementation. The Policy Implementation Meeting on Cybersecurity gathered more than 40 experts from Latin American and Caribbean central banks, international organizations and private sector entities that delivered on topical issues ranging from financial stability implications of cyber risk, the role of payments and financial market infrastructures, and the perspective of the private sector to deal with cyber-risk.

The following considerations summarizes the exchange of practical experiences in the Meeting:

1. Cyber risk is a growing threat for domestic and international financial ecosystems. Technological innovations and sophistication of cybercrime networks as well as the interconnectedness of a global financial system bring challenges for policymakers to prevent, detect and mitigate the consequences of cyber-attacks.
2. In response to the growing number of cyber-attacks the international financial community is taking action against this phenomenon. In doing so, international guidance and best practices such as the CPMI-IOSCO Guidance on cyber resilience for financial market infrastructures and the NIST cybersecurity framework have been adopted as starting point to enhance existing practices in central banks and other relevant financial authorities.
3. To deal with challenges related to cyber-risk, either central banks, relevant financial authorities and other key stakeholders, including financial institutions and market infrastructures, and third-party critical service providers, in the financial ecosystem are obliged to establish a framework that -at the very least- has high level endorsement, appropriate governance arrangements and flexible but effective specific measures for detection, prevention and response to events that damage information, services and processes that are essential for the financial system and the economy.
4. Protection against cyber-risk is heavily dependent on the awareness and culture among institutions’ personnel. Globally, cyber-attacks have proved that human factor is decisive.
5. Greater cross-border collaboration should be promoted to exchange relevant information and to harmonize practices, in order to improve the global cybersecurity environment.

 

As a general takeaway of the Meeting, it was underlined that the cybersecurity is a responsibility that must be shared among all relevant stakeholders. Every relevant actor must protect their own environment, enforce controls with third-parties, and share information with the authorities to be prepared against cyber-attacks.