Throughout 2021, the Basel Committee has written newsletters about improving banks’ resilience to cyber threats, climate-related financial risk, how to develop global sustainability standards, and the impact of financial digitization on the banking system. The amount of external cyber threats and incidents, such as ransomware attacks, have made banks concerned, and poses major risks to their financial systems and the safety of individual banks.
Due to Covid-19, many banks have switched to remote working settings, which caused an increase in different channels of attacks. Banks use third party service providers in order to work remotely; however, it allows malicious actors to have greater points of access to the banks’ systems. Although these attacks reminds us that cyber security measures should be taken into account with these providers, ransomware will continue to be one of the crucial cyber threats that the banking industry must face. Therefore, cyber security has been an important element of the Basel Committee’s strategy that has been approved by the Group of Governors and Head of Supervision earlier this year.
In order to bring more awareness to banks about operational resilience and operational risk, the Committee has earlier this year issued: the revised Principle for the Sound Management of Operational Risk (PSMOR) and the Principles for Operational Resilience (POR). The PSMOR reassessed the operational risks related to information and communication technology, vulnerability to cyber threats and countermeasures that can prevent such attacks. The POR has done an in depth evaluation on the resilience banks have towards cyber attacks, and the bank’s capability to continue conducting important operations during a potential disturbance. In addition, in order for banks to better protect themselves from threats and potential failures, they must first identify the threat and respond and adapt to keep operating during the disruption. Then afterwards, they need to be able to recover and learn from any breaches that have been caused from the disruption and minimize their impact on the delivery of vital operations.
The Committee encourages all banking authorities to adopt the tools, practices and frameworks of cyber risk management. Choosing such approaches will enable banks to identify, assess, manage and mitigate their exposure to the risks of cyber attacks. The Committee shall continue to observe and evaluate the developments in the individual banks with cyber risk management and resilience in order to aid the confidentiality and integrity of the banks’ systems from cyber threats.
The Basel Committee has also examined how climate change has an impact on financial risks. This includes climate risk drivers and climate risk changes that could increase financial risks. Measurement methodologies on financial risks are to the extent where the Committee intends to mitigate these kinds of risks. Although there are transmission channels and methodologies in use to eliminate certain risks, climate change is unpredictable, which causes data gaps and uncertainty in research findings. Meeting these challenges will enhance the ability to effectively assess and mitigating climate-related financial risks. Furthermore, the Committee also welcomed the International Financial Reporting Standards (IFRS) Foundation to create a set of global sustainability standards. The new common standards will improve the consistency, comparability and reliability of sustainability reporting which will include the institution of an International Sustainability Standards Board.
Committee members also discussed the effects of the current digitization and disintermediation of finance on the banking system. In an in-depth thematic analysis, an inventory was made of the drivers of the banks’ strategic decisions in relation to financial technology. The Committee also reviewed the competitive landscape for retail banking provision, including non-bank financial and technology institutions, and in particular, key regulatory risks and challenges.