tmmonline.nz  |   landlords.co.nz        About Good Returns  |  Advertise  |  Contact Us  |  Terms & Conditions  |  RSS Feeds

NZ's Financial Adviser News Centre

GR Logo
Last Article Uploaded: Thursday, November 21st, 6:44PM

News

rss
Latest Headlines

FMA sets its sights on cyber security: a new to-do list for embattled financial services providers

The financial services sector recorded the highest number of cyberattacks of any industry group in the first quarter of this year, according to a report by CERT NZ, a government-owned cybersecurity business.

Monday, June 27th 2022, 12:40PM

by Jenni McManus

All up, the sector reported 91 attacks, mainly involving phishing and credential harvesting. The next most-attacked industry groups were healthcare and special assistance (13 attacks) and manufacturing (12).

The Financial Markets Authority (FMA) cited these figures last week as it released a new cyber security information sheet for financial services businesses, setting out in detail its expectations about how cyberattacks should be prevented, contained and reported, and how harm to customers might be mitigated.

It warns that the financial services sector is a popular target for cyber criminals and the increasing digitisation of the industry makes it more vulnerable. Attacks are increasing in frequency, sophistication and severity, it says.

The information sheet is the second piece of cyber-guidance the FMA has released to financial services providers in the past three years and is by far the most prescriptive.

The first, in 2019, was a thematic review of cyber resilience within the entities the FMA regulates. “Following the thematic, we expected entities to reflect on our findings and, where necessary, improve their cyber resilience capabilities,” it said.

That the FMA would be “enhancing” its regulatory approach to cyber and operation resilience was also flagged in its annual corporate plan for FY21/22.

So, in the wake of this latest information sheet, market participants can expect a “heightened focus” by the regulator. This will include “reviewing entity obligations, enhancing our monitoring approach and engaging with stakeholders and other regulators to raise awareness and capability”.

With the increase in cyber threats and technology-related outages, the regulator says there appear to be “shortcomings” in the cyber resilience and operating systems of entities it regulates.

These include under-investment in technology and the use of unsupported or legacy systems.

The requirements are now clear. All entitles licensed by the FMA must have effectives systems, policies, processes and controls to meet their market services obligations, and secure IT systems. Financial advice providers have specific obligations.

In addition, financial services providers must be aware of the risks that potentially impact their organisations, including supply chain risk, and must understand their own capabilities. They also need to have in place “appropriate” governance, training, incident response management and reporting and remedial structures.

All systems, controls and policies must be regularly reviewed to identify vulnerabilities specific to each business. To deal with cyber threats, businesses need have plans in place to do (at least) the following: identify, protect, detect, respond and recover.

Boards and senior management need a strong understanding of the state of their operating systems and technology, and the cyber risks facing the organisation, the FMA says. And because cyber risk exists at all levels of a business, all staff should be given cyber security training.

Businesses regulated by the FMA should notify the regulator of any cyber security event that materially disrupts or affects their ability to provide their regulated services or has a material adverse impact on customers.

The focus should be on preventing cyberattacks and mitigation. Businesses need to be able to demonstrate this by having effect controls, governance, processes, reporting and frameworks in place.

If an attack results in the disclosure of personal information, as defined by the Privacy Act 2020, businesses need to be aware of their statutory obligations. If customers are affected by a service issue or outage, “entitles should facilitate the best possible outcomes for affected customers”.

Once an incident has been contained and resolved, the business should conduct a comprehensive inquiry to understand the root cause. The FMA wants to see a post-incident report “as soon as practicable” after the event.

In its 2019 thematic review, it said firms should subscribe to CERT’s free security advisories via email on by following these alerts on Twitter.

“We do not believe there is any FMA-regulated sector in New Zealand that is safe from cyberattacks,” it said. “Financial services firms should not allow their size, or lack of it, to create a false sense of security.”

Tags: FMA

« Controversial and coming soon, but how broad is COFI’s reach?Tough times ahead for NZ economy: Nikko economist »

Special Offers

Comments from our readers

No comments yet

Sign In to add your comment

 

print

Printable version  

print

Email to a friend
News Bites
Latest Comments
Subscribe Now

Weekly Wrap

Previous News
Most Commented On
Mortgage Rates Table

Full Rates Table | Compare Rates

Lender Flt 1yr 2yr 3yr
AIA - Back My Build 5.44 - - -
AIA - Go Home Loans 7.99 5.99 5.69 5.69
ANZ 7.89 6.59 6.29 6.29
ANZ Blueprint to Build 7.39 - - -
ANZ Good Energy - - - 1.00
ANZ Special - 5.99 5.69 5.69
ASB Bank 7.89 5.99 5.69 5.69
ASB Better Homes Top Up - - - 1.00
Avanti Finance 8.40 - - -
Basecorp Finance 9.60 - - -
BNZ - Classic - 5.99 5.69 5.69
Lender Flt 1yr 2yr 3yr
BNZ - Mortgage One 7.94 - - -
BNZ - Rapid Repay 7.94 - - -
BNZ - Std 7.94 5.99 5.69 5.69
BNZ - TotalMoney 7.94 - - -
CFML 321 Loans 6.20 - - -
CFML Home Loans 6.45 - - -
CFML Prime Loans 8.25 - - -
CFML Standard Loans 9.20 - - -
China Construction Bank - 7.09 6.75 6.49
China Construction Bank Special - - - -
Co-operative Bank - First Home Special - 5.79 - -
Lender Flt 1yr 2yr 3yr
Co-operative Bank - Owner Occ 7.65 5.99 5.75 5.69
Co-operative Bank - Standard 7.65 6.49 6.25 6.19
Credit Union Auckland 7.70 - - -
First Credit Union Special - 6.40 6.10 -
First Credit Union Standard 8.50 7.00 6.70 -
Heartland Bank - Online 7.49 5.65 5.55 5.55
Heartland Bank - Reverse Mortgage - - - -
Heretaunga Building Society ▼8.60 6.75 6.40 -
ICBC 7.49 5.99 5.65 5.59
Kainga Ora 8.39 7.05 6.59 6.49
Kainga Ora - First Home Buyer Special - - - -
Lender Flt 1yr 2yr 3yr
Kiwibank 7.75 6.89 6.59 6.49
Kiwibank - Offset 8.25 - - -
Kiwibank Special 7.75 5.99 5.69 5.69
Liberty 8.59 8.69 8.79 8.94
Nelson Building Society 8.44 5.95 6.09 -
Pepper Money Advantage 10.49 - - -
Pepper Money Easy 8.69 - - -
Pepper Money Essential 8.29 - - -
SBS Bank 7.99 6.95 6.29 6.29
SBS Bank Special - 6.15 5.69 5.69
SBS Construction lending for FHB - - - -
Lender Flt 1yr 2yr 3yr
SBS FirstHome Combo 5.44 5.15 - -
SBS FirstHome Combo - - - -
SBS Unwind reverse equity 9.75 - - -
TSB Bank 8.69 6.49 6.49 6.49
TSB Special 7.89 5.69 5.69 5.69
Unity 7.64 5.99 5.69 -
Unity First Home Buyer special - 5.49 - -
Wairarapa Building Society 8.10 6.05 5.79 -
Westpac 8.39 6.89 6.39 6.39
Westpac Choices Everyday 8.49 - - -
Westpac Offset 8.39 - - -
Lender Flt 1yr 2yr 3yr
Westpac Special - 6.29 5.79 5.79
Median 7.99 6.02 5.79 5.69

Last updated: 20 November 2024 9:45am

About Us  |  Advertise  |  Contact Us  |  Terms & Conditions  |  Privacy Policy  |  RSS Feeds  |  Letters  |  Archive  |  Toolbox  |  Disclaimer
 
Site by Web Developer and eyelovedesign.com