Safety, security and financial integrity in the digital era
As digital transformation ushers in numerous benefits and transformational improvements, it also brings attendant drawbacks. Electronic channels are increasingly being targeted by cybercriminals. Cybercrime is continuously evolving, growing in sophistication and scope. The challenge requires a paradigm shift, one that has surfaced the need to balance supporting technological innovation with managing the attendant cyber risks. Ensuring security and integrity will contribute to continued trust in the use of financial services in the digital age.
In line with this, the BSP embarked on a cybersecurity roadmap espousing a culture of cyber resilience to maintain public trust and confidence in the financial system. The BSP is actively enhancing its surveillance capabilities, forging collaborative partnerships and fostering a responsive regulatory landscape. In 2013, the BSP issued Circular No. 808, which serves as the framework for sound technology risk management by BSP Supervised Financial Institutions (BSFIs). The BSP also issued several regulations covering various facets of technology and cyber risks.
To further heighten banks’ resilience against advanced cyberthreats, the BSP issued Circular No. 982 in 2017. It presents a holistic framework on information security risk management (ISRM) integrated with the BSFIs’ information security program (ISP) and enterprise risk management system with effective governance mechanisms to oversee the entire process, as depicted below:
The Circular underpins three key elements for BSFIs:
The BSFI’s Board and Senior Management set the overall tone and strategic direction for information security by providing strong leadership and effective information security governance. They should take the lead in establishing an information security culture that regards security as an intrinsic part of the BSFI’s core business and operations.
With stealthier, more sophisticated and advanced forms of cyberattacks confronting the financial services industry, BSFIs should have a collective, coordinated and strategic response through information sharing and collaboration. This enables BSFIs to proactively identify, prevent and respond to emerging threats. Beyond merely enforcing compliance, the BSP will continue to forge strategic partnerships to strengthen financial surveillance, improve policy engagement and foster dialogue.
BSFIs are expected to seek constant improvement in their cybersecurity posture through a continuing cycle composed of six major phases: identify, prevent, detect, respond, recover and test. This involves situational awareness, fortified and layered defenses and constant vulnerability management.