Here is the converted article in Markdown format:

Compliance Risks in Banking Sector Plague Trinidad and Tobago, Experts Warn

A recent technical assistance report has highlighted compliance risks in the banking sector of Trinidad and Tobago, with cybersecurity governance being a major concern.

Key Issues Identified by Visiting Mission

According to experts, The Central Bank of Trinidad and Tobago (CBTT) is struggling to keep pace with evolving threats. Several key issues have been identified:

• Commingling of IT Governance Responsibilities: The commingling of information technology (IT) governance responsibilities with the second line of defense has led to resource constraints and a lack of focus on payment systems beyond SWIFT.
• Information Security Function Reporting Structure: The bank’s information security function reports to its IT function, rather than being a standalone entity, further exacerbating the issue.

Identity and Access Management (IAM) Project

The report also notes that the IAM project is still in its preparatory stages, despite efforts to strengthen cybersecurity governance. While the project arrangements are comparable to good practices observed elsewhere, there are concerns about the bank’s ability to implement effective measures to prevent cyber threats.

Regulatory Environment

The regulatory environment on cyber risk is marked by a lack of dedicated guidance, with instructions instead being part of several guidelines in an indirect manner. This has led to a need for:

• Capacity Building: Strengthening supervisory practices, particularly in terms of addressing resource constraints and conducting regular risk-based onsite examinations.

Recommendations

The mission’s recommendations focus on strengthening the cyber posture of both The Central Bank of Trinidad and Tobago and the financial institutions supervised by it. The report concludes that urgent attention is needed to address these compliance risks and ensure the stability and security of the banking sector in Trinidad and Tobago.