Banking industry should dialogue with regulators on cybersecurity

KUALA LUMPUR, 8 December 2020 - There is an increasing need for the banking industry to have regular, transparent dialogues with regulators on ways to address cybersecurity risks, according to a Financial Services Industry leader.

Anthony Tai who leads Deloitte Malaysia’s Operational Risk, Assurance and Cyber Risk service lines noted discussions were ongoing but that the content was superficial, as most banks seemed reluctant to share their actual challenges for fear of disclosing too much to their competitors.

“To effectively address cybersecurity risks, the industry needs clear and simple guidance on cybersecurity frameworks, better cybersecurity defence coordination and cooperation for banks, and a transparent and safe environment to share challenges and encourage dialogue,” he said.

According to him, the proliferation of cybersecurity attacks on banks and the finance industry prompted regulators and payment network operators to ramp up their scrutiny on banks’ cybersecurity frameworks, strategy and effectiveness of countermeasures and increased guidelines and requirements.

Regulators also required banks to conduct simulated cyberattacks on their networks instead of the traditional table top exercises, he noted.

In his research themed “Digital and cyber in the new normal: How banks need to evolve”, Tai said traditional banks need to evolve, either through transforming the way they operate or by forging partnerships with new entrants into the industry, in order to stay competitive.

He said the rapid advancement of digital technology has eroded the relatively high barriers for entry into the industry, where new entrants then were faced with strict requirements on capital, regulatory approval, and even trust.

“These new players who typically have significant funding support include players from various industries such as media and telecommunications, e-Commerce, energy and resources, infrastructure, and even plantations.

“Regardless of the strategy, the truth remains – banks must become digital champions to thrive in this new normal”, he said.

In this context, a digital champion, he explained, is a bank that has embraced a business and operating model which is digitally enabled and customer-centric.

To start the transformation process under the business model, he said the bank will first need to adopt the mantra of “Customer comes first”.

“The bank will then be required to conduct a holistic evaluation of the channels used to reach customers and also the design of the products and services offered.

“This will include using data analytics to derive deeper insights into customer behaviour and their respective segments, and further analysing which product offerings resonate best with the targets.”

Armed with these insights, he said the digital speed and time taken for banks to create new customised, innovative products and services to be offered now becomes critical, as all competitive advantage is lost when a digital bank is perceived to be a laggard by customers.

Tai said partnerships will also play a key role in a bank’s digital go-to market model and an ideal partnership would involve synergistic players with niche capabilities to augment the bank’s current ones.

“Without a robust operating model, a bank may have limited ability to support its customers. For a bank to go digital, technology is the main focus and this is especially within the areas of governance, strategy and operations.

“Additionally, the shift from traditional Capital Expenditure (CAPEX) models to Operating Expenditure (OPEX) models should also be taken into consideration. This means that the digital bank needs to migrate away from owning and operating large scale data centres to subscribing to services from cloud service providers.”

Among others, Tai also acknowledged that Covid-19 has forced a shift in working patterns, with a majority of employees including those in the banking sector, adapting to the new normal of working from home.

“This practice is predicted to continue into the future, as banks and their talents embrace the benefits of working from home.

“This has also introduced additional cybersecurity risk factors into a digital bank’s IT environment most notably affecting end point, and also network security. Moving forward, digital banks will need to look at efficient and effective solutions to manage this,” he said.

The views and opinions expressed in this article are those of Anthony Tai, Executive Director, Risk Advisory – IT & Specialised Assurance, Deloitte Malaysia.