Financial Crime World

Cybersecurity Risks in Finance Pose Serious Hazard to Jamaica’s Financial Stability

The Bank of Jamaica (BOJ) has issued a consultation paper outlining guidelines for managing cyber risks in the financial sector. The proposed guidelines aim to establish minimum standards for managing cyber risk and will become binding once finalized.

A Growing Concern

Bank fraud is an estimated $800-million problem, although it is proportionally small compared to the size of the banking system. However, the central bank wants banks to remain vigilant against potential threats in order to prevent seismic events. To achieve this, boards are expected to have adequate access to cybersecurity expertise, whether internal or external.

Collaboration and Governance

Deputy Governor Jide Lewis reaffirmed that BOJ is working closely with banks to ensure they have robust systems in place to manage cyber threats. “We have also been speaking about corporate governance so that they know the buck stops with them,” he said.

The Importance of Cybersecurity

Despite concerns over reported fraud, which ranges from $500 million to $1 billion, Lewis noted that it is still a relatively small amount compared to the size of the banking system, which stands at approximately $3.5 trillion.

Risk-Based Examinations

The central bank already conducts risk-based examinations of deposit-taking institution (DTI) licensees, requiring each institution to establish an effective framework for managing cyber risks. This includes putting in place controls and procedures to prevent significant financial loss, legal liabilities, and reputational damage.

The Proposed Guidelines

BOJ emphasized the importance of understanding and managing cyber risks to protect assets, operations, and customer information. “Cyberattacks are becoming more frequent, and they continue to evolve in terms of their complexity and sophistication,” said BOJ. “A successful cyberattack could have a debilitating impact on a DTI, which could cause a significant financial or operational impact on a financial institution.”

Board Responsibilities

The proposed guidelines place the responsibility on boards of directors to ensure that their institutions’ cyber risk management plans cover all aspects, including:

  • People: The board must possess the necessary skills, knowledge, and experience to understand and assess cyber risks.
  • Processes: The board must have an ongoing program to assess any gaps in the knowledge and expertise of the board and management, and to implement initiatives to address these gaps.
  • Data: The board must ensure that data is properly protected and that there are controls in place to prevent unauthorized access or use.
  • Facilities: The board must ensure that physical facilities are secure and that there are controls in place to prevent unauthorized access.

By following these guidelines, boards of directors can help mitigate the risk of cyber threats and protect Jamaica’s financial stability.