Financial Crime World

Here is the converted article in markdown format:

Peru’s Financial Regulator Takes Steps to Enhance Cybersecurity in the Sector

LIMA, Peru - The Superintendency of Banks, Insurance, and Private Pension Funds (SBS) has launched a comprehensive initiative to strengthen cybersecurity in Peru’s financial sector. As part of its risk management framework, SBS is focusing on developing internal cybersecurity capacity among financial institutions, as well as enhancing its own supervisory capabilities.

Enhancing Cybersecurity Capacity

According to SBS, the goal is to ensure that financial institutions can quickly and effectively respond to cyber threats, which could negatively impact users or the entire financial sector. To achieve this, SBS is studying the Computer Security Incident Response Team (CSIRT) Services Framework to identify compatibility with its role as a regulator and supervisor.

Pillars of the Initiative

The initiative has four main pillars:

Pillar 1: Internal Cybersecurity Capacity

  • Financial institutions must integrate their cybersecurity measures into their risk management operations and establish adequate organizational structures.
  • This includes developing all functions of the cybersecurity framework, including anticipating, detecting, and responding to cyber threats.

SBS has already conducted two sectoral continuity exercises, simulating large earthquake scenarios, and will conduct one based on a cyber attack with major impact on the financial sector.

Pillar 2: Organizational Structure

  • Financial institutions must establish organizational structures that enable effective cybersecurity management.
  • This includes having a specialized information security committee, which may be assumed by the risk committee, responsible for strategic planning, security management, threat evaluation, and incident reporting.

SBS has an adequate organizational structure in place, with a Sectorial Business Continuity Working Group that has conducted exercises simulating large earthquake scenarios and will soon conduct one based on a cyber attack scenario.

Pillar 3: Human Resource Capacity

  • Organizational structures and cybersecurity measures are only effective if supported by trained personnel.
  • SBS aims to ensure financial institutions have the human resource capacity to anticipate, understand, and rapidly respond to cyber threats.

Peru faces a shortage of technical experts in this field, which stems from a lack of formal programs in educational institutions. To address this challenge, SBS is promoting cybersecurity training requirements for all employees and implementing plans to satisfy them.

Pillar 4: Development of Human Resource Capacity

  • The development of human resource capacity is critical to effective cybersecurity management.
  • Financial institutions must provide ongoing training in cybersecurity for all employees, while SBS’ information systems and technology supervision teams have been receiving ongoing training in information security and cybersecurity standards since 2015.

Conclusion

Overall, SBS’ initiative aims to enhance the financial sector’s resilience against cyber threats by developing internal cybersecurity capacity, establishing adequate organizational structures, and building human resource capacity. By doing so, Peru can ensure the continued stability and trust of its financial system.