Dina Quraishi, CRO at SWIFT, talks to Risk.net about SWIFT’s approach risk and how technology can be both a threat and an enabler.
Risk.net: SWIFT’s CRO on Bangladesh Bank heist, cyber risk and DLT - Alexander Campbell
Quraishi lays out SWIFT’s approach to members’ security, and technological risks and opportunities.
Dina Quraishi could fly before she could drive. She says learning to safely pilot a light aircraft was her first step in a risk management career that has taken her, via Zurich Insurance and engineering group Sandvik, to processor of interbank payments SWIFT, where she has worked as chief risk officer since November 2015.
Shortly after her arrival, in February 2016, the central bank of Bangladesh suffered one of the most ambitious thefts in history: stolen SWIFT authorisation codes apparently allowed the thieves to transfer $101 million from the bank’s account at the Federal Reserve Bank of New York to various accounts in Sri Lanka and the Philippines. Only some of the money was later recovered.
SWIFT’s own security wasn’t at fault, the firm’s chief executive Gottfried Liebbrandt said later in the year, but SWIFT nevertheless took the Bangladesh Bank theft as a cue to pay a lot more attention to security among its members. This resulted in the launch of the Customer Security Programme, which introduced new mandatory security measures and daily reports of customers’ SWIFT activity, enabling them to look for anomalies. Swift will also shortly roll out a feature allowing customers to tailor their own analytics in order to reduce false-positive rates and improve the chance of picking up activity that lies outside the norm.
The programme was expanded in May 2017 with the launch of an information sharing and analysis centre – an online portal hosting all of Swift’s information on cyber security in a searchable format. The portal includes details of malware and intelligence gleaned from Swift’s investigations into attempted cyber attacks on its customers.
The full interview is available on Risk Magazine’s website (subscription required).