Financial Crime World

Here is the article converted to Markdown format:

FMI Owners Must Prepare for Efficient Switching of Providers

In an increasingly interconnected world, the resilience of critical infrastructure is more important than ever. Norges Bank emphasizes the need for Financial Market Infrastructures (FMIs) to maintain sufficient expertise and capacity for managing and controlling deliveries from IT providers.

The Importance of Cloud Services

The use of cloud services has become increasingly common, with many financial and non-financial businesses shifting towards expanded use of cloud services for core functions. While large cloud service providers contribute to innovation and development through economies of scale, the use of cloud platforms also presents challenges such as system misconfiguration and complexity.

Norges Bank’s Recommendations

To mitigate these risks, FMI owners must ensure they have sufficient expertise and resources to manage and control IT deliveries satisfactorily. Solutions must also be designed to be secure, easy to use, and administer.

Cloud Services: A Dominant Force

The cloud services market is dominated by three global tech giants - Google, Amazon, and Microsoft. Incidents at these providers can have a global impact, as seen in the recent “Bluebleed” incident at Microsoft’s Azure platform, which exposed the data of around 65,000 customers.

Norway’s Dependence on Foreign Cloud Service Providers

Norway’s national dependence on a small number of foreign cloud service providers and centralised data centers is a growing concern. To reduce this dependence, NSM has developed concepts for providing secure, efficient, and flexible services for the central government administration.

Norges Bank’s Work at a Sectoral Level

As part of its oversight work, Norges Bank assesses whether individual FMIs have sufficient continuity and contingency arrangements in place. The bank also considers whether additional contingency arrangements independent of the ordinary payment system are needed.

  • Cash is an essential part of overall contingency arrangements, and Norges Bank is responsible for supplying banks with cash and meeting the public’s demand for cash even in crisis situations.
  • The bank is assessing how cash-related contingency arrangements should be adapted to an evolving risk and threat landscape.

Information Sharing and Cooperation

Effective information sharing and cooperation are essential for dealing with critical incidents quickly. Nordic Financial CERT (NFCERT) and the Financial Infrastructure Crisis Preparedness Committee (BFI) are examples of public-private collaborations that bring together authorities and private entities to prevent and coordinate the handling of incidents with the potential to cause major disruptions to the financial infrastructure.

TIBER Testing: A New Framework

Recent years have seen the introduction of cyber security testing in accordance with TIBER-NO, a national adaptation of the TIBER-EU framework developed by the European Central Bank. The purpose of TIBER testing is to increase the resilience of the banking and payment system against cyber attacks that can have systemic consequences.

  • The first tests in Norway were carried out in autumn 2022, with entities responsible for critical functions participating in the TIBER-NO Forum.
  • A standardised testing programme ensures quality and comparability of experience with testing across countries.

New EU/EEA Rules for Digital Operational Resilience

The recent adoption of the EU’s Digital Operational Resilience Act (DORA) introduces new testing frameworks, including TIBER. As a key player in the financial sector, Norges Bank is committed to guiding entities through the testing process and ensuring the resilience of the banking and payment system.

Cross-Sectoral Contingency Arrangements

The Government white paper “National Control and Digital Resilience” emphasizes the need for a uniform and long-term society-wide approach to national security. The recommended measures include regulation and national security measures in light of the geopolitical situation.

Conclusion

In conclusion, FMI owners must prepare for efficient switching of providers, ensuring sufficient expertise and capacity for managing and controlling deliveries from IT providers. Cloud services present challenges that must be addressed through secure, easy-to-use solutions. Effective information sharing and cooperation are essential for dealing with critical incidents quickly. Norges Bank’s work at a sectoral level emphasizes the importance of contingency arrangements and testing frameworks in ensuring the resilience of the financial infrastructure.