As the demand for digital services increases for banking and Financial Service Industries (FSIs), providing a secure service and environment for customers is a prerogative which banks and FSIs cannot afford to risk. The impact of any cybercrime, fraud or data breach from such services can not only end up seeing banks and FSIs suffer huge losses but also have a damaged reputation.
Cybercriminals continue to find new ways to infiltrate banks and FSIs. There have been several cases worldwide in which banks have had their data breached or systems compromised. A recent example would be the Bank of America, whereby the bank accidentally exposed customer financial data during a test run on its microsite. In this case, the bank incorrectly handled data and accidentally revealed sensitive information.
Here in Malaysia, a local banking group was imposed an Administrative Monetary Penalty by the central bank, Bank Negara, for data breach incidents in 2018. The compound amounts were determined by considering relevant aggravating and mitigating factors, as well as immediate remedial steps taken to address gaps and further strengthen existing controls to ensure the protection of customer information.
In both examples, the banks ended up paying fines and compensations. To ensure banks and FSIs in Malaysia are more accountable and vigilant towards the technology they use, as well as their customer data, the central bank introduced the Risk Management in Technology (RMiT) policy. Effective this year, all banks and FSIs operating in Malaysia will have to adhere to the requirements of this policy. This includes the management of risks that come with technology, such as data breaches and disruptions that can lead to financial loss.
In order to ensure that they adhere to increasing numbers of policies and regulations, banks have to be able to prove that they have sufficient mitigating measures in place, and a strong business workflow to support compliance. They will have to document down the steps of risk mitigation. They also have to prove that their existing controls are operating effectively and adequately, and any control gaps uncovered by their audit activities are being closed and covered – thereby strengthening the controls. To address these challenges, solutions like IBM OpenPages with Watson can not only provide concrete proof points but also ensure and enforce risk culture in their organisations.
In addition, solutions like IBM Cloud Security Advisor can provide centralised security management via a security dashboard. The security dashboard unifies vulnerability and network data, as well as application and system findings from IBM services, partners and user-defined sources. Through this, banks and FSIs will have centralised visibility, empowering their security admins to cohesively manage security on IBM Cloud workloads.
With a security dashboard like the Security Advisor, banks and FSIs can have:
Centralised management – Unifies critical security information across different services and technologies within IBM Cloud for a single consistent view.
Remediation steps – Enable prioritisation, investigation and resolution of security issues to security admins.
Open integration – Be able to integrate with key IBM Services, and critical third-party technologies plus have custom integrations.
Some of the mentioned challenges are not new to a company like IBM. IBM has been partnering with FSIs in Malaysia and across ASEAN to ensure all their online services to customers are resilient and highly available at all times to avoid disruptions to customer transactions and experience. Technology Operations Management is a wide area spanning across applications, cloud services, IT infrastructures and applying technology governance to ensure proper rigour, test, protection of data, applications and vulnerabilities. Today’s organisations seek to have a “single pane of glass” to gain insights to manage all these challenges in a fast-growing digital world. They want a one-stop provider with a wealth of expertise and solutions that can help them to grow at pace where technology risk is highly mitigated.
To help banks and other financial institutions understand more about RMiT, IBM will be organising a webinar on the 18th June 2020. There will be several speakers from IBM sharing the key considerations, capabilities and approaches you need to address concerning managing technology risk.
In this webinar, IBM will also share how technologies related to hybrid cloud integration, data, Operational Risk Management, fraud prevention and security can be applied to achieve the control measures outlined in the RMiT.
To join the webinar, click here.