Greater cybersecurity focus needed
15 IMF on T&T’s financial sector:
There is an absence of “dedicated guidance” on the
subject of cybersecurity by the Central Bank of T&T
(CBTT), the International Monetary Fund (IMF) has
stated.
The IMF made the statement in a recently published
High-Level Summary Technical Assistance Report
which looked at strengthening cybersecurity in this
country’s financial institutions.
The report was prepared by Tamas Gaidosch and
Rangachary Ravikumar.
According to the IMF, the Central Bank requested
technical assistance to strengthen its cybersecurity
posture and the cybersecurity of the financial
institutions under its supervisory ambit, and those of
other financial sector regulators.
In response, the IMF said a technical assistance
mission visited this country from October 31 to
November 4 last year “to provide support to the CBTT
in a project aimed at enhancing its cybersecurity
posture focusing on governance and Identity and
Access Management (IAM), providing guidance in
drafting a guideline applicable to financial
institutions, conducting a seminar on regulations
and assessing the supervisory capacity.”
“Cybersecurity governance at CBTT is set up
according to generally accepted practices with
recently updated policies and procedures.
Information Technology (IT) governance
responsibilities commingled with the second line of
defence, resource constraints, information security
function reporting to IT function, and less focus on
payment systems other than SWIFT were some of the
concerns identified by the Mission. The project is in
the preparatory stage, and the project arrangements
were comparable to good practices observed
elsewhere,” the report’s findings stated.
“CBTT’s regulatory environment on cyber is marked
by instructions being part of several guidelines in an
indirect way in the absence of a dedicated guidance
on the subject. The seminar on cyber risk regulation
contributed to building capacity to draft a guideline
on the topic. Supervisory practices pertaining to
cyber risk need strengthening with focus on
addressing resource constraints, conducting regular
risk-based onsite examinations, and setting up
offsite supervision capabilities,” it stated.
The mission’s recommendations focused on
strengthening the cyber posture of the CBTT as well
as the financial institutions supervised by CBTT and
included the following:
(i) Address weaknesses in the governance process,
improve Board level discussions, increase resources,
adopt security hardening baselines, and commission
security reviews of payment system.
(ii) Define Phase II of IAM project, coordinate with
business units to define access roles, ensure
adequate resources in project management, and
adopt a phased approach with good governing
practices.
(iii) Draft a focused cybersecurity guideline based on
seminar inputs and international best practices,
allocate resources, improve supervisory intensity and
practices.