Addressing Cyber Security Risks in Emerging Financial ......Komitas Stepanyan, PhD, CRISC, CRMA,...
Transcript of Addressing Cyber Security Risks in Emerging Financial ......Komitas Stepanyan, PhD, CRISC, CRMA,...
![Page 1: Addressing Cyber Security Risks in Emerging Financial ......Komitas Stepanyan, PhD, CRISC, CRMA, Cobit Deputy Head of Internal Audit 20 November, 2019 17 Cybersecurity –more than](https://reader035.fdocuments.net/reader035/viewer/2022070115/60af63ef067f270a0223df09/html5/thumbnails/1.jpg)
Addressing Cyber Security Risks
in Emerging Financial Sectors
November 20, 2019
![Page 2: Addressing Cyber Security Risks in Emerging Financial ......Komitas Stepanyan, PhD, CRISC, CRMA, Cobit Deputy Head of Internal Audit 20 November, 2019 17 Cybersecurity –more than](https://reader035.fdocuments.net/reader035/viewer/2022070115/60af63ef067f270a0223df09/html5/thumbnails/2.jpg)
Setting The Stage: Cyber Security Challenges And Trends In Emerging Financial Markets
Judith Frickenstein, GIZ
Juliet Maina, GSMA
Komitas Stepanyan, Central Bank of Armenia
Prof. Dr. Dirk Zetzsche, University of Luxembourg
![Page 3: Addressing Cyber Security Risks in Emerging Financial ......Komitas Stepanyan, PhD, CRISC, CRMA, Cobit Deputy Head of Internal Audit 20 November, 2019 17 Cybersecurity –more than](https://reader035.fdocuments.net/reader035/viewer/2022070115/60af63ef067f270a0223df09/html5/thumbnails/3.jpg)
THE DARK SIDE OF DIGITAL FINANCIAL TRANSFORMATION:
THE NEW RISKS OF FINTECH AND THE RISE OF TECHRISK
Prof. Dr. Dirk A. Zetzsche, LL.M.ADA Chair in Financial Law (inclusive finance)
University of Luxembourg
Based on Buckley/Arner/Zetzsche/Segla, Sing. J. Leg. St., in press,
pre-print available at: www.ssrn.com/abstract =3478640
![Page 4: Addressing Cyber Security Risks in Emerging Financial ......Komitas Stepanyan, PhD, CRISC, CRMA, Cobit Deputy Head of Internal Audit 20 November, 2019 17 Cybersecurity –more than](https://reader035.fdocuments.net/reader035/viewer/2022070115/60af63ef067f270a0223df09/html5/thumbnails/4.jpg)
1.0 2.0
3.0
3.5
1866 - 1967 1968 - 2007 2008 - Present
Infrastructure Banks Start-ups
2007
4.0
TechFin
Identity
Big Data
AI
IoT
Decentralized
Dev
elo
ped
Wo
rld
Dev
elo
pin
g W
orl
d
Telegraph
Telephone
ATM
E-
Banking
P2P
Credit
Scoring
FinTech Evolution
![Page 5: Addressing Cyber Security Risks in Emerging Financial ......Komitas Stepanyan, PhD, CRISC, CRMA, Cobit Deputy Head of Internal Audit 20 November, 2019 17 Cybersecurity –more than](https://reader035.fdocuments.net/reader035/viewer/2022070115/60af63ef067f270a0223df09/html5/thumbnails/5.jpg)
Framework of Analysis
New sources of traditional risks: Credit? Payment? Market?
Legal? Operational?
New risks? TechRisk
New systems / structures? Technology today is no longer the
constraint in an increasing range of cases – Libra …
![Page 6: Addressing Cyber Security Risks in Emerging Financial ......Komitas Stepanyan, PhD, CRISC, CRMA, Cobit Deputy Head of Internal Audit 20 November, 2019 17 Cybersecurity –more than](https://reader035.fdocuments.net/reader035/viewer/2022070115/60af63ef067f270a0223df09/html5/thumbnails/6.jpg)
Key Areas of Concern
▪Cybersecurity
▪Data security / protection
▪TechFin / BigTech
▪Technological risks: New infrastructure
▪Interoperability / connectivity
▪International / regional cooperation
![Page 7: Addressing Cyber Security Risks in Emerging Financial ......Komitas Stepanyan, PhD, CRISC, CRMA, Cobit Deputy Head of Internal Audit 20 November, 2019 17 Cybersecurity –more than](https://reader035.fdocuments.net/reader035/viewer/2022070115/60af63ef067f270a0223df09/html5/thumbnails/7.jpg)
Cybersecurity
▪No. 1 national security, public security AND financial stability risk
▪Incumbents
▪Infrastructure: old and new
▪New entrants: small and large
▪Regulators / governments
▪Use of same software and service providers (cloud...)
▪Markets: Flashcrash …
![Page 8: Addressing Cyber Security Risks in Emerging Financial ......Komitas Stepanyan, PhD, CRISC, CRMA, Cobit Deputy Head of Internal Audit 20 November, 2019 17 Cybersecurity –more than](https://reader035.fdocuments.net/reader035/viewer/2022070115/60af63ef067f270a0223df09/html5/thumbnails/8.jpg)
Hostile and other actors
▪Participants
• Hackers
• Hacktivists
• Terrorists
• Criminals: of all types
• Corporations
• Sovereign / quasi sovereign
▪Purposes
• Fun
• Destruction
• Message
• Theft: old and new
• Warfare
![Page 9: Addressing Cyber Security Risks in Emerging Financial ......Komitas Stepanyan, PhD, CRISC, CRMA, Cobit Deputy Head of Internal Audit 20 November, 2019 17 Cybersecurity –more than](https://reader035.fdocuments.net/reader035/viewer/2022070115/60af63ef067f270a0223df09/html5/thumbnails/9.jpg)
BigTech / TechFin
▪Network effects
▪Regulation: new SIFIs
▪Competition / antitrust
▪Non-traditional infrastructure
![Page 10: Addressing Cyber Security Risks in Emerging Financial ......Komitas Stepanyan, PhD, CRISC, CRMA, Cobit Deputy Head of Internal Audit 20 November, 2019 17 Cybersecurity –more than](https://reader035.fdocuments.net/reader035/viewer/2022070115/60af63ef067f270a0223df09/html5/thumbnails/10.jpg)
Non-traditional infrastructure
▪Data
▪“financial operating systems”: Aladin
▪Cloud: FinTechs, incumbents, SIFIs, BigTech / TechFin
▪New infrastructure: blockchain
▪Libra, stablecoins, CBDCs, public-private: Utility Settlement
Coin (USC)
![Page 11: Addressing Cyber Security Risks in Emerging Financial ......Komitas Stepanyan, PhD, CRISC, CRMA, Cobit Deputy Head of Internal Audit 20 November, 2019 17 Cybersecurity –more than](https://reader035.fdocuments.net/reader035/viewer/2022070115/60af63ef067f270a0223df09/html5/thumbnails/11.jpg)
Interoperability / interconnectivity
▪Traditional
▪New
![Page 12: Addressing Cyber Security Risks in Emerging Financial ......Komitas Stepanyan, PhD, CRISC, CRMA, Cobit Deputy Head of Internal Audit 20 November, 2019 17 Cybersecurity –more than](https://reader035.fdocuments.net/reader035/viewer/2022070115/60af63ef067f270a0223df09/html5/thumbnails/12.jpg)
TechRisk
New sources of traditional risk
New risks
Necessitates: monitoring, understanding, system design,
technology, international cooperation
RegTech
![Page 13: Addressing Cyber Security Risks in Emerging Financial ......Komitas Stepanyan, PhD, CRISC, CRMA, Cobit Deputy Head of Internal Audit 20 November, 2019 17 Cybersecurity –more than](https://reader035.fdocuments.net/reader035/viewer/2022070115/60af63ef067f270a0223df09/html5/thumbnails/13.jpg)
What to do?
▪Financial sector: risk management systems, data
protection systems, contingency planning, insurance
▪Regulators: monitoring, supervisory review, information
sharing, sandboxes / stress tests / war games / contingency
plans, capital
▪Governments: training / human capital, defense / planning
▪International / regional cooperation / information sharing
![Page 14: Addressing Cyber Security Risks in Emerging Financial ......Komitas Stepanyan, PhD, CRISC, CRMA, Cobit Deputy Head of Internal Audit 20 November, 2019 17 Cybersecurity –more than](https://reader035.fdocuments.net/reader035/viewer/2022070115/60af63ef067f270a0223df09/html5/thumbnails/14.jpg)
Thanks!
Prof. Dr. Dirk Zetzsche, LL.M.
ADA Chair in Financial Law (Inclusive Finance)
Faculty of Law, Economics & Finance
University of Luxembourg
![Page 15: Addressing Cyber Security Risks in Emerging Financial ......Komitas Stepanyan, PhD, CRISC, CRMA, Cobit Deputy Head of Internal Audit 20 November, 2019 17 Cybersecurity –more than](https://reader035.fdocuments.net/reader035/viewer/2022070115/60af63ef067f270a0223df09/html5/thumbnails/15.jpg)
Readings on FinTech
Regulatory Sandboxes
www.ssrn.com/abstract=3018534
TechFin / Data-driven Finance
www.ssrn.com/abstract=2959925
Distributed Ledgers / Blockchain
www.ssrn.com/abstract=3018214
eID / KYC Utilitieswww.ssrn.com/abstract=3224115
Corporate Technologies (AI etc.)
www.ssrn.com/abstract=3392321
ICO Gold Rush
www.ssrn.com/abstract=3072298Regulating Libra
www.ssrn.com/abstract =3414401
Rise of Tech Risk
www.ssrn.com/abstract=3478640
FT4FI Roadmap
www.ssrn.com/abstract=3245287
Future of Data-Driven Finance
www.ssrn.com/abstract=3359399
![Page 16: Addressing Cyber Security Risks in Emerging Financial ......Komitas Stepanyan, PhD, CRISC, CRMA, Cobit Deputy Head of Internal Audit 20 November, 2019 17 Cybersecurity –more than](https://reader035.fdocuments.net/reader035/viewer/2022070115/60af63ef067f270a0223df09/html5/thumbnails/16.jpg)
Cyber Security Risks For Central Banks in
Emerging and Developing Countries
Komitas Stepanyan, PhD, CRISC, CRMA, Cobit
Deputy Head of Internal Audit
20 November, 2019
![Page 17: Addressing Cyber Security Risks in Emerging Financial ......Komitas Stepanyan, PhD, CRISC, CRMA, Cobit Deputy Head of Internal Audit 20 November, 2019 17 Cybersecurity –more than](https://reader035.fdocuments.net/reader035/viewer/2022070115/60af63ef067f270a0223df09/html5/thumbnails/17.jpg)
17
Cybersecurity – more than a real threat
People Process Technologies
RISK
![Page 18: Addressing Cyber Security Risks in Emerging Financial ......Komitas Stepanyan, PhD, CRISC, CRMA, Cobit Deputy Head of Internal Audit 20 November, 2019 17 Cybersecurity –more than](https://reader035.fdocuments.net/reader035/viewer/2022070115/60af63ef067f270a0223df09/html5/thumbnails/18.jpg)
18
What does the regulators/supervisors need to know?
• Clear understanding of what cyber risk means and how it could harm a bank’s and/
or financial sector viability
• Able to challenge the supervised institutions
• Ability to asses if 3 lines of defense is functioning at the supervised institutions
o Good knowledge of the institutions’ IT/Info/Cyber governance and strategy
o Understanding the institution’s IT/Info/Cyber risk management framework
• Knowledge of the institutions ICT/cyber risk profile, including critical assets and
processes, relevant threats, existing vulnerabilities and mitigating controls
• Understanding of bank’s dependencies
![Page 19: Addressing Cyber Security Risks in Emerging Financial ......Komitas Stepanyan, PhD, CRISC, CRMA, Cobit Deputy Head of Internal Audit 20 November, 2019 17 Cybersecurity –more than](https://reader035.fdocuments.net/reader035/viewer/2022070115/60af63ef067f270a0223df09/html5/thumbnails/19.jpg)
Cybersecurity governance for Mobile Money providers
Juliet Maina, Advocacy and
Regulatory Manager, GSMA
20th November 2019
Photograph by Trung Vo Chi
![Page 20: Addressing Cyber Security Risks in Emerging Financial ......Komitas Stepanyan, PhD, CRISC, CRMA, Cobit Deputy Head of Internal Audit 20 November, 2019 17 Cybersecurity –more than](https://reader035.fdocuments.net/reader035/viewer/2022070115/60af63ef067f270a0223df09/html5/thumbnails/20.jpg)
20
About The GSMA
![Page 21: Addressing Cyber Security Risks in Emerging Financial ......Komitas Stepanyan, PhD, CRISC, CRMA, Cobit Deputy Head of Internal Audit 20 November, 2019 17 Cybersecurity –more than](https://reader035.fdocuments.net/reader035/viewer/2022070115/60af63ef067f270a0223df09/html5/thumbnails/21.jpg)
21
![Page 22: Addressing Cyber Security Risks in Emerging Financial ......Komitas Stepanyan, PhD, CRISC, CRMA, Cobit Deputy Head of Internal Audit 20 November, 2019 17 Cybersecurity –more than](https://reader035.fdocuments.net/reader035/viewer/2022070115/60af63ef067f270a0223df09/html5/thumbnails/22.jpg)
“Generally, it refers to the protection, by any means, of network-
related systems and devices and the software and data they
contain… typically comprises the protection of technical
infrastructure, procedures and workflows, physical assets, national
security as well as the confidentiality, integrity and availability of
information.”
What is Cybersecurity?
Source: GSMA Mobile Policy Handbook, 2019
![Page 23: Addressing Cyber Security Risks in Emerging Financial ......Komitas Stepanyan, PhD, CRISC, CRMA, Cobit Deputy Head of Internal Audit 20 November, 2019 17 Cybersecurity –more than](https://reader035.fdocuments.net/reader035/viewer/2022070115/60af63ef067f270a0223df09/html5/thumbnails/23.jpg)
23
Cybersecurity
governance
framework.
![Page 24: Addressing Cyber Security Risks in Emerging Financial ......Komitas Stepanyan, PhD, CRISC, CRMA, Cobit Deputy Head of Internal Audit 20 November, 2019 17 Cybersecurity –more than](https://reader035.fdocuments.net/reader035/viewer/2022070115/60af63ef067f270a0223df09/html5/thumbnails/24.jpg)
The report on Cybersecurity in mobile money is now
available.
Cybersecurity
in mobile
moneyGSMA Mobile Money Group
@GSMAMobileMoney
gsma.com/mobilemoney
Follow us on social media
![Page 25: Addressing Cyber Security Risks in Emerging Financial ......Komitas Stepanyan, PhD, CRISC, CRMA, Cobit Deputy Head of Internal Audit 20 November, 2019 17 Cybersecurity –more than](https://reader035.fdocuments.net/reader035/viewer/2022070115/60af63ef067f270a0223df09/html5/thumbnails/25.jpg)
Setting The Stage: Cyber Security Challenges And Trends In Emerging Financial Markets
Judith Frickenstein, GIZ
Juliet Maina, GSMA
Komitas Stepanyan, Central Bank of Armenia
Prof. Dr. Dirk Zetzsche, University of Luxembourg