Cyber-attack poses a significant threat to the global financial system but the Reserve Bank has decided not to introduce more prescriptive requirements at this stage due to the swiftly changing nature of both the threats and the technology, said Reserve Bank head of prudential supervision Toby Fiennes.
"The nature and incidence of cyber risk is unique, meaning that typical approaches to risk management and disaster recovery planning may not be appropriate. While cyber vulnerabilities can be mitigated, the potential sources of cyber threats and the attack footprint are just too broad, so they can never be eliminated," Fiennes said in a speech published on the central bank's website.
"The dynamic cyber environment means that organisations have to be nimble in their approach to cyber security - focused on outcomes, rather than prescriptive compliance exercises," he said.
Fiennes said the central bank did not believe prescriptive regulations would appreciably improve the outcome, when the technology and threat landscape are both changing so rapidly. "We will, however, review this policy stance from time-to-time to ensure that it remains appropriate," he added.
Fiennes said the central bank is focused on mitigating the systemic risks associated with a possible cyber-attack. These include a cyber-attack on one or more banks, non-bank deposit takers, financial market infrastructures (FMI) or insurers that would lead to a broad loss of confidence in the financial sector; an attack on more or more firms or FMIs that disrupts critical banking and financial services and economic functions; or an attack that would lead to the outright failure of a large, systemically important financial firm or FMI.
He also said the Reserve Bank is closely watching the "emerging wave of 'digital disruption' affecting the banking sector related to fintech, including peer-to-peer lending services, electronic wallets, crypto currencies and so-called "open-banking," among others.
In the short-term digital disruption may result in new risks and increased instability in the financial system but in the long term, it may improve its efficiency, said Fiennes. "Looking forward, the Reserve Bank and other regulators will need to make sure the regulatory regime in New Zealand is adaptive should any new business models become systemic, while not unduly harming innovation," he said.
He said the central bank is working closely with other agencies, such as the FMA and Ministry of Business, Innovation and Employment, to ensure that New Zealand presents an environment where digital financial innovation can flourish, provided it is done safely.
This article is tagged with the following keywords. Find out more about MyNBR Tags
- Never mind the policy, feel the good intentions, Ardern says
- Transmission Gully earthworks estimate undershoots by 50%
- Fuji Xerox sues former executives
- What New Zealanders feel about English and Ardern – and why it matters
- Alarming shortage of building professionals and tradies for $138 billion of projects
Most listened to
- Labour leader Jacinda Ardern joins Simon Dallow in the NBR View studio this morning
- Housing strategist Leonie Freeman discusses the alarmingly low rates of new house builds in Auckland
- Jason Walls canvasses reaction to Labour exploring tax breaks for SME investment
- Synlait managing director John Penno on capacity constraints and supplying China
- NBR Radio: best of the week ended September 15, with Grant Walker