Addressing cyber risk in the financial sector
Despite various challenges, the financial sector in Bangladesh is undergoing a rapid digital transformation, driven by economic development and the increasing adoption of new technologies. This shift brings significant cybersecurity challenges that need to be addressed to protect the sector. Managing compliance, staying ahead of regulatory changes, and protecting customers, brand reputation, data, and technology infrastructure are crucial. Even the central bank cautions stakeholders about this at frequent intervals.
Digital initiatives are reshaping our financial landscape, with institutions adopting new operating models to stay competitive. However, this transformation also exposes them to cyber threats. A comprehensive approach to transforming cybersecurity from a defensive stance to a value-added position is essential.
Key regulatory trends in the financial sector focus on operational resilience, outsourcing, and information and communications technology. Operational resilience emphasises the ability to withstand, absorb, and recover from disruptions, prioritising critical areas, setting standards, identifying vulnerabilities, and investing in resilience. Outsourcing regulations extend cybersecurity rules to third-party service providers, particularly cloud and infrastructure service providers. The increasing digitisation of business and workforce introduces new risks, necessitating effective asset inventory processes and risk monitoring and reporting capabilities.
Existing risk management practices in financial institutions are not enough to keep up with the rapid innovation and evolving technologies in financial services. Executive leadership often fails to understand the business impact of cyber risk due to vague risk tolerance and appetite. Mergers and acquisitions introduce integration challenges with inherent cyber risks. Decentralised teams make product decisions without considering cyber risk, and a product revenue focus inhibits support for key cyber strategic initiatives and decision-making.
A comprehensive cyber risk management policy guides the organisation, supported by robust governance processes to identify, assess, and mitigate risks. Metrics and reporting are essential to measure and communicate the programme's effectiveness, ensuring continuous improvement and alignment with the organisation's risk tolerance.
Bangladesh has adopted the 'National Information and Communication Technology (ICT) Policy 2018', 'National Digital Commerce Policy 2018', 'Cyber Security Act, 2023', and 'Electronic Transaction Act' to advance its ICT sector. These policies aim to develop country-wide ICT infrastructure to ensure information access for all citizens, facilitating empowerment, good governance, and sustainable economic development.
The Bangladesh Bank has published 'Guideline on ICT security for Banks and Non-Bank Financial Institutions, 2023', 'Guidelines on Cloud Computing March 2023', and 'Integrated Risk Management Guidelines for Banks, 2018'. These guidelines and regulations, including the 'Bangladesh Mobile Financial Services Regulations 2022', 'Bangladesh Real Time Gross Settlement System Rules', 'Regulations on Electronic Fund Transfer 2014', and 'Bangladesh Payment and Settlement Systems Regulations 2014', are essential for standardising, securing, and streamlining financial transactions, payments, and settlements. Additionally, the Copyright Law of 2000 has been revised to cover computer software.
The government and financial institutions must therefore work together to address the challenges posed by cyber threats. By investing in comprehensive cybersecurity strategies and fostering a culture of security, the country, the central bank and the operators can protect the financial sector and build trust in the digital economy.
Mamun Rashid is the chairman at Financial Excellence Ltd