The Bank and Financial Institution Forest Inspectorate (SBIF) held the fourth conference "Development, stability and sustainable development of banking" yesterday.
At the occasion, topics such as new capital agreements and Basel III liquidity agreements were discussed; bank resolution mechanisms and the use of stress tests in risk management; challenges related to new technological developments; banking supervision, financial inclusion; banking aware of the environment and cyber security.
These are very important issues that depend on the basic concept of the financial industry: trust. Trust in people in financial institutions is the cornerstone on which the system is built. We can not talk about sustainable development or less stability without first referring to trust.
Trust is based on experience and access to financial services.
The essence of the financial system is that people have safe, reliable and permanent access to their money. Therefore, the operational risk and the risk of cyberspace are so dangerous, because when they appear, they act where it hurts the most, trust the society. Therefore, its reputation is the main threatened value in the financial sector.
There are risks that are always important, such as financial and credit risk, but the operational and cyber security risks outweigh the others that need to be addressed.
In the case of a very complex subject, we undertook, as a Forest District, a burdensome task of learning how to manage the work on identifying and preventing these threats.
Strategies for cybersecurity defense must have a very strong preventive element, but the long-term success of the institution depends on their intelligence work: the organization must know its enemy, understand how it works, what motivates it, if you are looking for money or information.
The size of the challenge requires a new culture of risk and control environments.
We must understand that the problem is not that the criminal enters the institution, but that the institution is unable to understand when it will happen. In simplified terms, institutions must be able to detect thieves when they pass through the door, but when they come in, not when they come out.
It should be taken into account that the size and complexity of these challenges entail huge costs. For smaller institutions, this may mean burdensome barriers to the provision of services with an appropriate level of security.
This requires, among others, outsourcing of network services, servers and software development.
Because the functions of this criticality are provided to third parties, it is necessary for the institution to have a corporate government that is able to ask the right questions.
You can delegate the function, but it is never responsible. Only senior management can attribute to these threats the seriousness they have.
What is known as "signal from above" is what we expect from a more mature and solid industry.