Financial Crime World

Strengthening Cybersecurity Measures Against Financial Crime in Trinidad and Tobago

The Central Bank of Trinidad and Tobago has taken significant steps to enhance its cybersecurity posture and protect against financial crimes by strengthening measures to safeguard financial institutions under its supervision.

Request for Technical Assistance

According to a recent report by the International Monetary Fund (IMF), the Central Bank requested technical assistance to strengthen its own cybersecurity posture as well as that of financial institutions. The mission provided support in a project aimed at enhancing:

  • Cybersecurity Governance: Providing guidance on drafting guidelines applicable to financial institutions
  • Identity and Access Management (IAM): Conducting seminars on regulations, assessing supervisory capacity, and defining Phase II of the IAM project

Concerns Identified by the Mission

The report highlighted several concerns identified by the mission, including:

  • Commingling IT Governance: Information technology (IT) governance responsibilities with the second line of defense
  • Resource Constraints: Limited resources for cybersecurity measures
  • Lack of Focus on Payment Systems: Insufficient attention given to payment systems other than SWIFT
  • IAM Project in Preparatory Stage: The IAM project was found to be in its preparatory stage, but project arrangements were deemed comparable to good practices observed elsewhere

Recommendations

The mission’s recommendations focused on strengthening the cyber posture of both the Central Bank and financial institutions supervised by it. These included:

  • Addressing Governance Weaknesses: Improving board-level discussions and governance processes
  • Increasing Resources: Allocating additional resources for cybersecurity measures
  • Adopting Security Hardening Baselines: Implementing security hardening baselines to protect against cyber threats
  • Commissioning Security Reviews: Conducting security reviews of payment systems to identify vulnerabilities

Additionally, the mission recommended:

  • Defining Access Roles: Coordinating with business units to define access roles and ensuring adequate resources for project management
  • Adopting a Phased Approach: Implementing a phased approach with good governing practices to ensure cybersecurity measures are effective
  • Drafting a Focused Cybersecurity Guideline: Drafting a focused cybersecurity guideline based on seminar inputs and international best practices

Expected Outcomes

The strengthening of cybersecurity measures is expected to enhance the resilience of financial institutions in Trinidad and Tobago, reducing the risk of financial crime and protecting the integrity of the financial system.

By implementing these recommendations, the Central Bank of Trinidad and Tobago aims to create a stronger, more secure financial environment for its citizens.