KUWAIT CITY, Aug 9: Operational risk is one of the most significant risks faced by any financial institution, as evidenced by the major losses the financial services industry has experienced over the past few decades, which were prompted by a series of operational failures.
The current risk profile of financial institutions is shaped not only by the recent global financial crises and the effect it has had on regulatory practices, but also by the various operational mishaps that have occurred resulting from initial flaws in a world of rapidly developing technology, said Governor of Central Bank of Kuwait Dr Mohammad Al-Hashel on Tuesday.
Operational risk definitions as they apply specifically to cyber risk need to be continually updated by the Basel Committee for Banking Supervision to take account of the dynamics and ever-increasing complexity of interconnected global markets.
For financial institutions, the risk of cyber threats disrupting core operations is a matter of grave concern. Financial institutions maintain massive amounts of data which, in turn, require support in the form of complex technology which in certain circumstances may provide an easy target for cyber-attacks aimed at fraud, theft, etc.
Additionally, the practice of outsourcing operations for the development of computer and communications technology within payment systems and the banking sector has in some cases meant that their development has been at a faster pace than the regulatory framework in which they operate. As these systems evolve quickly with the use of new technologies, cyber security emerges as a potentially serious operational risk. We, as regulators, cannot afford to have trust in our banking institutions and payments systems lost, and the potential disruption caused to the financial system as a result of cyber-attacks should receive significant attention – in line with that of confronting other issues that may threaten financial stability.
Therefore, we need to focus on how best to address and secure potential risks of this nature and play an active role in protecting the safety, security and efficiency of the financial system as a whole. Regulators need to focus on how best to address this emerging risk and play a proactive role in assuring cyber resiliency in banking and payment systems. Given the importance of making payments available to enable smooth functioning of an economy, investment in technology to ensure a cyber-resilient and risk-less security system must become a national priority, focused on timely detection, limiting destruction as well as rapid remediation of damaged resources.
Considering the evolving nature of cyber threats, a financial institution’s response must be on an ongoing basis in order to adopt an institution-wide approach to cyber security that goes beyond just the IT Department. Regardless of future regulations and government actions on cyber security, financial institutions should be working constantly to establish a governance framework for cyber risk that engages the Board of Directors as well as management.
Furthermore, timely exchange of intelligence on such matters between peer institutions, regulators, and law enforcement agencies becomes essential in assuring that there is an appropriate global policy response to address this problem. Irrespective of location, cyber threats have no borders – and neither the geography nor the size of an institution makes it immune to this type of risk.