Finance technologies including blockchain are outpacing regulations and laws, according to a recent report by a European Union panel, leading to increased danger of cybercrimes. The report goes so far to say that the developments put the entire financial system at risk.
The report, presented last week by the Joint Committee of the European Supervisory Authorities, examines risk across the entire financial system and points to distributed ledger technology as a new financial market infrastructure (FMI) that could be vulnerable to risk of cyberattacks.
The report states that the risk has potential to harm financial markets through “threats to their business continuity and the integrity of their various kinds of proprietary data.” These dangers extend to “losses in market confidence and threats to the entire financial system,” the report states.
“Finally, the intertwining of fintech and FMIs, for example through distributed ledger technology (DLT), anchors cyber threats as a long term but rapidly evolving risk for these companies,” according to the report.
The report mostly examines banking challenges in the current climate of low interest rates, along with political and economic instability. However, the last chapter centers on technology and risks of disruption due to hacking or other weaknesses in the financial market infrastructure.
“Financial institutions face difficulties to cope with the threat of intruders gaining unauthorised access to their critical systems and data,” the report states. “The sophistication of such attacks is well illustrated by recent hackings of banking payment systems (e.g. attacks on the SWIFT system) and online account thefts.”
Better safeguards are recommended to address risks to information and communication technology (ICT).
“Further heightened supervisory diligence to address these risks is needed,” the report states. “One area of supervisory focus to address ICT risks has been on measures to address outdated legacy IT systems, IT resilience and governance and outsourcing.”
Current regulations call for institutions to hold capital to cover operational and legal risks and maintain a strong security framework to insure against breaches and availability of services.
But the report concludes that more action is needed.
“Inadequate IT governance can contribute to poor operational management practices and inadequate recovery and resilience solutions. Supervisors should consider to further assess the resilience of financial institutions to cyber security and ICT risks.”
The SWIFT hack cited by the report was revealed in September 2016; the bank payment system, a Belgium-based cooperative, disclosed that it was hacked three times during the summer. Hackers had previously used SWIFT messages to steal $81 million from the central bank of Bangladesh.
The report is reminiscent of declarations by think tanks and experts in the early days of the Internet, when laws and security measures had not kept up with the development of the online world. Such as it was in the early years of the digital age, such as it will be in early years of blockchain and digital currency.