Fintech, cyber risk & solutions

The increasing inevitability of cyberattacks and data breaches in today’s digital economy is causing regulators in Asia-Pacific to worry about the risk to financial services of a systemic cyber event.

These events pose a major threat in terms of service, confidence and capacity to keep the wheels of commerce in operation, so regulators are moving rapidly to strengthen their regulatory and supervisory capabilities.

According to Deloitte's Cyber regulation in Asia Pacific report, cyber-attacks globally and within Asia Pacific have increased in frequency and sophistication, with the cost of cybercrime estimated around $US575 billion a year. Financial services organisations are a key target. 

Click image to zoom Tap image to zoom

We argue a multi-pronged but coordinated approach should be adopted - one focused on security, vigilance and resilience, supported by robust governance and guided by a clear strategy. This will best position financial institutions to be cyber strong and to stay ahead of regulatory expectations. 

" A multi-pronged but coordinated approach should be adopted." Kevin Nixon & James Nunn-Price

Targeted in APAC

This is hardly surprising: the financial system relies on confidentiality of data, protection of deposits, and provision of critical services. The threat, given the frequency of cyber-attacks recently, is clear and present.

Because financial institutions are becoming data-driven digital businesses as more financial services are delivered online cyber risk increases. Given the financial system is extensively interconnected and increasing ICT interdependence across borders if cyber risks and responses are not well managed the impact of a cyber event can quickly spread.

That then drives regulators to consider appropriate standards and supervisory tools and actively urge firms to enhance their capabilities to address these emerging threats

But it’s not just meeting regulatory demands which makes managing cyber risk important - robust security and risk management is essential for maintaining trust and enhancing a competitive edge to retain customers.

Views from regulators 

Click image to zoom Tap image to zoom

Varied approach

Although cyber threats cut across borders, regulatory approaches to cyber risk in Asia Pacific are varied and localised, with no significant steps yet taken towards harmonised standards across the region.

Many financial institutions struggle to understand the regulatory differences at a country level or are aware of emerging threats so as to design coherent and robust cyber risk programs across jurisdictions.

Another challenge for firms is the shortage of IT security specialists and cyber professionals, making it difficult to stay up to date with the pace of change in the cyber landscape.

There can also be a lack of management recognition or understanding of the importance of cyber security, which may mean a failure to adopt a coordinated approach across functions.

While different countries face different challenges, there are broad regulatory themes and approached common across the region underlying the clutter of difference laws, rules and standards.


Click image to zoom Tap image to zoom

Cyber-attacks are inevitable. Regulators and organisations must accept this and turn their attention to building enterprise-wide programs to ensure they can adapt quickly and effectively to the constantly changing landscape. The ability to recover fast is critical.

Beyond individual action, it is important for industry, regulators and governments to work together to further enhance cyber skills and expertise, to develop common standards and approaches, and to support information sharing.

Coordinated responses to incidents and attacks, drawing on group knowledge and experience, is a key element to maintaining cyber resilience within the system as a whole and among its many participants.

Click image to zoom Tap image to zoom

Kevin Nixon & James Nunn-Price are partners, risk advisory at Deloitte

The views and opinions expressed in this communication are those of the author and may not necessarily state or reflect those of ANZ.

editor's picks

28 Jul 2017

Real-time payment: busting the myths around PayID

Kate Sutherland | bluenotes contributor

New system supports easy-to-remember ID to safely direct or receive payments.

14 Jun 2017

Trusted intermediaries: banks vs FANGs

Andrew Cornell | Past Managing Editor, bluenotes

Banking is essential to a modern economy but banks are not. Can FANGs fill the role?

05 May 2017

RegTech: creating value, not disruption

Chami Akmeemana | Executive director of regulatory solutions, ConsenSys

Since the financial crisis in 2008 the speed of regulatory change has accelerated rapidly, consuming an increasing amount of time and resources. In 2014, the top six banks in the US spent over $US70 billion on emerging regulation.

18 May 2017

Financial crime's dynamic duo: AUSTRAC & industry

Guy Boyd | Head of Financial Crime, ANZ

We speak to AUSTRAC CEO Paul Jevtovic on the relationship between regulators and the private industry.