In the wake of recent high-profile cyber-attacks such as the WannaCry and Notpeyta attacks, the Reserve Bank’s head of prudential supervision, Toby Fiennes, told the Future of Financial Services conference in Auckland that the finance sector has a part to play alongside regulators and other authorities.
“The nature and incidence of cyber risk is unique, meaning that typical approaches to risk management and disaster recovery planning may not be appropriate. While cyber vulnerabilities can be mitigated, the potential sources of cyber threats and the attack footprint are just too broad, so they can never be eliminated,” Fiennes said.
He added that prescriptive regulations are not considered to be the appropriate route for now as they are unlikely to change the outcome. However, that will be frequently reviewed.
“As the prudential regulator, we’re looking at whether financial institutions appear to be taking cyber risks sufficiently seriously. We look to self-discipline and market discipline to provide the defences, agility and crisis preparedness that are required,” Fiennes said.
On the wider issue of the digital disruption facing the industry, Mr Fiennes said that the Reserve Bank is watching closely the reaction to customers’ demand for a more online experience. He said it should improve the efficiency of the financial system in the long term but that its impact is not clear.
“We’re working with other agencies, such as the FMA and Ministry of Business, Innovation and Employment, to ensure that New Zealand presents an environment where digital financial innovation can flourish, provided it is done safely,” he said.