Frédérique De Simone
11 February 2019 11:30
Photo : Freepik
To offer products and services tailored to the needs of their customers, financial institutions need to rely as much on new technologies than on human judgment.
Ben Gully, assistant superintendent at the Office of the superintendent of financial institutions (OSFI), has defended this thesis in front of an audience gathered in Toronto by theC. D. Howe Institute, February 7. He titled his speech Risk non-financial and operational resilience : the rise of the machines.
“Although the financial resilience should remain at the heart of our concerns, it is equally important to pay attention to risk management non financial. The recovery in equity does not improve resilience in the face of a cyber attack, ” said Mr. Gully. He added that it is necessary to focus on the human effort to get there, and this, despite the fact that machines improve the identification of problems and reduce costs.
The mégadonnées : a growth-manage
The mégadonnées are already well used by the financial institutions for a multitude of things : measure and manage credit risk, detect fraud, price, and optimize the investment portfolio, interact with clients and provide consulting services to the customer, has listed Mr. Gully. He noted that the high volume of mégadonnées can lead to fears that evidence in terms of confidentiality, risk of prosecution and damage to reputation of financial institutions.
Mr. Gully has pointed out that OSFI wants to hone his tools, his skills and his training programs in the face of new technologies. The regulator is currently undertaking a digital transformation and refines its own internal protocol for intervention in case of cyberaccident, while working with the canadian Centre for cyber security, in the event of an incident of national security.
Manage his relationships
In his speech, Mr. Gully addressed the issue of third parties that may be involved in a transaction, either an it provider or accounting software, among others. He called on financial institutions to be vigilant, because the service offered by the third party can be a source of risk and potential damage.
“There must be a fear that the risks covered by the third party spread quickly and cause a business disruption. What sustained this supplier may damage the reputation of the financial institution, ” said Mr. Gully. The assistant superintendent adds that, for this reason, OSFI expects that financial institutions understand and manage in all circumstances the risks attaching to the agreements which they conclude with third parties and suppliers.
The cyberrésilience of a financial institution reflects its ability to detect intrusions, respond quickly and to resume its activities, said Mr Gully. He added that this resilience resides in a multitude of things : the perimeter security of the company to, use of, secure configuration, control user access, malware protection and patch management are some lists there.
Mr. Gully recalls that a good number of cyber-attacks have been perpetrated through the banking numbers : payments fraud, phishing, data or identity theft by e-mail, as well as out-of-control automated accounts are now part of their daily lives.