Guardian ( Trinidad and Tobago ) 20 April 2023 ( Page 15 )
Greater cybersecurity focus needed 15 IMF on T&T’s financial sector: There is an absence of “dedicated guidance” on the subject of cybersecurity by the Central Bank of T&T (CBTT), the International Monetary Fund (IMF) has stated. The IMF made the statement in a recently published High-Level Summary Technical Assistance Report which looked at strengthening cybersecurity in this country’s financial institutions. The report was prepared by Tamas Gaidosch and Rangachary Ravikumar. According to the IMF, the Central Bank requested technical assistance to strengthen its cybersecurity posture and the cybersecurity of the financial institutions under its supervisory ambit, and those of other financial sector regulators. In response, the IMF said a technical assistance mission visited this country from October 31 to November 4 last year “to provide support to the CBTT in a project aimed at enhancing its cybersecurity posture focusing on governance and Identity and Access Management (IAM), providing guidance in drafting a guideline applicable to financial institutions, conducting a seminar on regulations and assessing the supervisory capacity.” “Cybersecurity governance at CBTT is set up according to generally accepted practices with recently updated policies and procedures. Information Technology (IT) governance responsibilities commingled with the second line of defence, resource constraints, information security function reporting to IT function, and less focus on payment systems other than SWIFT were some of the concerns identified by the Mission. The project is in the preparatory stage, and the project arrangements were comparable to good practices observed elsewhere,” the report’s findings stated. “CBTT’s regulatory environment on cyber is marked by instructions being part of several guidelines in an indirect way in the absence of a dedicated guidance on the subject. The seminar on cyber risk regulation contributed to building capacity to draft a guideline on the topic. Supervisory practices pertaining to cyber risk need strengthening with focus on addressing resource constraints, conducting regular risk-based onsite examinations, and setting up offsite supervision capabilities,” it stated. The mission’s recommendations focused on strengthening the cyber posture of the CBTT as well as the financial institutions supervised by CBTT and included the following: (i) Address weaknesses in the governance process, improve Board level discussions, increase resources, adopt security hardening baselines, and commission security reviews of payment system. (ii) Define Phase II of IAM project, coordinate with business units to define access roles, ensure adequate resources in project management, and adopt a phased approach with good governing practices. (iii) Draft a focused cybersecurity guideline based on seminar inputs and international best practices, allocate resources, improve supervisory intensity and practices.