Financial Crime World

Here is the rewritten article in Markdown format:

Financial Institutions in Jamaica Face Serious Cyber Threats as BOJ Issues New Guidelines

The Bank of Jamaica (BOJ) has released a new consultation paper outlining guidelines for managing cyber risks in financial institutions, highlighting the serious threat that cyberattacks pose to financial stability. The proposed guidelines aim to establish minimum standards for banking licensees and will become binding once finalized.

Cyber Risks and Financial Stability

According to BOJ Deputy Governor Jide Lewis, the bank is working with financial institutions to ensure they have robust systems in place to manage cyber threats. “We have also been speaking about corporate governance so that they know the buck stops with them,” he said.

Guidelines Emphasize Responsibility of Boards

The guidelines emphasize the responsibility of boards of directors for establishing a financial institution’s cyber risk tolerance and overseeing the implementation of cyber risk management strategies, policies, procedures, and controls. The proposed regulations also require banks to consider interconnected factors such as supply chain, procurement, and outsourcing dependencies in their risk management approach.

Bank Fraud Concerns

Bank fraud is currently an estimated $800 million problem, but BOJ officials are concerned about the potential for seismic events if institutions do not remain vigilant. “It’s important for deposit-taking institutions to understand and manage their cyber risk to protect their assets, operations, and information entrusted to them by customers and stakeholders,” said BOJ.

Importance of Cybersecurity Expertise

The guidelines also emphasize the need for boards of directors to have adequate access to cybersecurity expertise, both internal and external, and for discussions about cyber risk management to be given adequate time on the board’s meeting agenda. “Cyberattacks are becoming more frequent, and they continue to evolve in terms of their complexity and sophistication,” warned BOJ.

Risk-Based Examinations

The central bank already conducts risk-based examinations of deposit-taking institutions (DTIs), which are expected to put an effective framework in place to manage cyber risk exposures inherent in their operations. “It is important for DTIs to understand and manage their cyber risk to protect their assets, operations, and information entrusted to them by customers and stakeholders,” said BOJ.

Types of Cyber Threats

Cyber threats include hacking, malware, phishing, and other types of cyberattacks, while cybersecurity refers to the systems, technologies, processes, governing policies, and human activity that an organization uses to safeguard its digital assets. The guidelines emphasize that boards of directors must have full oversight of their institution’s framework for managing cyber risks, ensuring that they collectively possess the appropriate balance of skills, knowledge, and experience to understand and assess the cyber risks facing the DTI.

Fraud Concerns

BOJ officials noted that while the fraud reported is relatively small compared to the size of the banking system, it is still a significant concern. “This is a large amount for individuals, but is about $100 million on average for institutions,” said Lewis.