Ian Burgess, Principal, Technology and Digital Policy Delivery,
On 28 June UK Finance and Oliver Wyman jointly hosted a cyber symposium to coincide with a visit from the Association of Banks in Singapore (ABS) Standing Committee on Cyber Security (SCCS). As well as guests from Singapore and cyber and risk professionals from UK Finance member banks, the regulators and the Cyber Defence Alliance (CDA) were in attendance.
A partnership between UK Finance and Oliver Wyman has been ongoing for some time now as we seek better ways for our members to collaborate and share cyber intelligence. The ABS is similar in construct to UK Finance and the SCCS is an excellent example of members coming together and promoting the sharing of cyber intelligence, as well as analysing current and emerging trends, and providing industry assessments on major incidents. The SCCS also has the capability to act as a cyber crisis coordination team during a cyber emergency, promotes collaboration between members and regulators and influences best practice to counter cyber threats. The UK should look at this model for inspiration as we seek to enhance cyber cooperation here.
The CDA is a unique, member-led organisation of banks that have a significant presence in the UK and other EU countries. Their mission is to share information at an industrialised level proactively, to prevent cyber-attacks / cyber security incidents. The goal is to take a proactive, intelligence-led approach to information and turn it into actionable intelligence, thus enabling industry and law enforcement to prevent cybercrimes / threats. Their view is that an attack on one of their members is an attack on all financial institutions. In other words, due to the close knit inter-relationship between banks and the wider economy, the impact of a successful cyber-attack on one of their member or non-member firms would affect the whole financial services sector and potentially have wider repercussions throughout the UK.
The Symposium heard from the ABS on how the SCCS was constructed and how they have managed to increase in size and capability since formation. This was followed by UK Finance providing an overview of the work being undertaken with Oliver Wyman on behalf of our UK members to enhance cooperation on cyber security in financial services, together with the Prudential Regulation Authority, Financial Conduct Authority and the National Cyber Security Centre. which has seen incorporated discussions with the PRA, FCA and the National Cyber Security Centre (NCSC). Oliver Wyman presented on some of the challenges financial institutions are seeing in the RegTech space and what solutions are available to them. Lastly the CDA gave an update on the work they are currently doing on behalf of their members and their relationships with law enforcement.
A lively panel discussion followed, in which the audience quizzed panellists on topics such as the status of regulators within a sharing model, what weaknesses exist within the people, process and technology framework, and the difference between cyber resilience and cyber security. The discussion overran, which is often the sign of a healthy debate and high levels of interest.
Overall, the day was a huge success. Part of the work UK Finance does for its members is building relationships with other trade associations throughout Europe and beyond. This visit from the ABS Singapore is a highly visible outcome of this work and one which has already resulted in a number of lessons learned. For UK Finance and Oliver Wyman, understanding the complexities, challenges and possibilities of creating something similar to the ABS SCCS has been invaluable. It will stand us in good stead as we continue to look for new and innovative ways to improve the cyber security posture of our members and the financial services sector in the UK.