Central Bank governor Dr Alvin Hilaire says while technology has changed the way business is done, it continues to be a disruptor.
He was speaking at the bank’s webinar on Cybersecurity in Financial Institutions: Best Practices on Tuesday.
Hilaire said, “The Central Bank must be resilient. We cannot win alone, and therefore we must work together with the rest of the community. The bank is currently part of an IT committee that allows us to remain connected globally with other banks.”
He added that modern financial institutions face huge cyber risks owing to the growing global interconnectedness and speed of transactions. The bank understands cybersecurity is part of the landscape because it affects financial stability.
The bank recently hosted an IMF technical assistance mission to TT to help strengthen its cybersecurity posture and build supervisory capacity. The mission also helped identify internal weaknesses in the governance process, improve board-level discussions, increase resources, adopt security-hardening baselines and commission security reviews of payment systems.
The IMF mission also recommended drafting focused cybersecurity guidelines for financial institutions based on international best practices.
“The Central Bank intends to take things a step further by drawing up a set of best practices that will be relevant to all financial institutions in TT, including those that are currently not supervised by the bank,” he said.
Michelle Francis-Pantor, deputy inspector at the Central Bank
, shared the drafted guidelines which include providing a baseline of cybersecurity operations for participants in the sector, promoting compliance with cybersecurity standards, complementing international best practices (ISO 27001) and strengthening resilience in the sector.
She added that there are six key cybersecurity elements in the guidelines:
* Governance and risk management
* Security awareness and training
* Incident reporting
* Business continuity and recovery
* Cybersecurity testing
“Good governance and risk management are essential to protect the security of information systems and data, while security awareness and training for employees help deter many cyber-attacks. Actively sharing threat information allows one institution’s detection to become another’s prevention,” she said.
She added that the bank will solicit comments with a view to issuing the guidelines by mid-September.