The WFC 2019 event brought global CSDs together to discuss challenges facing CSDs, including cybersecurity.
Maintaining robust defences against cyber threats is a huge challenge for the financial industry – cyber threats are evolving all the time and it is essential that financial organisations stay up-to-date on the latest variables to ensure they have adequate cybersecurity in place.
Although the payments industry has been the main focus of cyber criminals in recent years, the securities industry is by no means immune to attack. Securities players, including Central Securities Depositories (CSDs), must take cybersecurity seriously.
At the recent World Forum of CSDs conference, a panel on cyber discussed the ongoing threat and what CSDs – as critical service providers in a wider ecosystem – can do to stay safe and ensure a high degree of cyber resilience. Alain Raes, Chief Executive EMEA and APAC, SWIFT was joined on the panel by Jesus Benito, CEO, Iberclear; Ridouane Azagrouze, CIO, Maroclear; and moderator, Marc Bayle, Director General Market Infrastructure and Payments, ECB.
Information sharing key to the fight
The panel acknowledged that the securities industry is not immune to cyberattack. “The securities industry is complex. Stealing money from securities-related business might be hard to achieve but it is certainly not impossible,” warned Raes. He referred to a paper that SWIFT issued jointly with BAE in September 2018 that indicated that beyond the banking and payments markets where the risks are well documented, the securities market is indeed vulnerable to cyberattacks due to its complexity, large number of touchpoints and high concentration of assets.
Raes went on to highlight information sharing as one of the most important activities an organisation can undertake to help protect its ecosystem, even though this does not come naturally in the financial industry where organisations fear confidentiality breaches and reputational damage. He urged organisations to co-ordinate with their peers to share threat intelligence and defend market interests.
“We know that trust is a concern for financial organisations, especially in the securities industry, but the more information a community is able to share, the better chance of avoiding or fending off an attack,” said Raes.
Raes explained that SWIFT has developed the ‘SWIFT ISAC’ information sharing portal to share technical intelligence with the community. “When our forensics team identifies new attack patterns, techniques or other information that can help customers protect against cyberattack, we publish this intelligence in anonymised form to the wider community.”
This information has already made a tangible difference in the fight against cyberattacks, and Raes encouraged CSDs to sign up to the SWIFT ISAC to benefit from the intelligence.
The panel also discussed the importance of CSDs training their staff and board members on cybersecurity best practice, noting that in some countries access to the latest cyber skills are not always readily available. Skill scarcity is a common concern and working together to share skills and experience among CSDs can help bring the whole industry to a common level of knowledge.
Testing systems recovery was also considered to be an area where more sharing would be helpful. The global and interconnected nature of the financial industry makes reconciliation and restarting after a breach very complex, and any testing exercises that can be done to help prepare CSDs at national or global level were considered valuable by the panel.
|The global community of CSDs meets at WFC 2019|
The World Forum of CSDs conference in Marrakech in April gathered more than 200 delegates from around the world, including members from its five regional CSD organisations, as well as regulators and other stakeholders from across the capital markets.
Along with cybersecurity, other hot topics at the WFC’s biennial conference included the challenges and opportunities of embracing new technologies, regulations shaping CSDs in Europe, and how the CSD community needs to collaborate and forge links in order to thrive.
The conference kicked-off with opening remarks by Lee Byunghrae, Chairman and CEO of the Korea Securities Depository and chairman of the Asia-Pacific Central Securities Depository Group, as well as chairman of the World Forum of CSDs. Mr Lee identified increased cooperation between CSDs, including the use of common services, as well as the exchange of know-how, experience and ideas, as the best way to tackle the growing challenge of cybersecurity and the threats and opportunities created by new technologies such as blockchain, AI, machine learning and robotics.
Participants expanded on these themes during the breakout sessions, and discussed the fact that new technologies alone are not enough to address the legal, regulatory, and operational incompatibilities between CSD links. For this, they said, standards are needed.
Panel discussions also looked at other key issues affecting CSDs, including fintechs and how to work with them; the need for CSDs to diversify revenue streams and the challenges this poses; planning for the unknown at the same time as looking after customers’ current requirements; and the need to align cross-border regulations and operational processes.