Navigation for News

News

Reserve Bank publishes cyber resilience guidance

The Reserve Bank has released guidance for financial institutions about what its expectations are regarding the increasingly expensive problem of cybercrime.
  • Thursday, April 29th 2021

The 22-page document covers what The Reserve Bank – Te Pūtea Matua believes regulated entities should be considering when building cyber resilience and draws heavily from leading international and national cybersecurity standards and guidelines.

The guidance applies to all entities the Reserve Bank regulates, including registered banks, licensed non-bank deposit takers, licensed insurers and designated financial market infrastructures.

The finalised guidance aims to raise awareness of, and ultimately promote, the cyber resilience of the financial sector, especially at the board and senior management level.

In a statement, the bank says the guidance provides "high-level principle-based recommendations for entities and primarily serves as an overarching framework for the governance and management of cyber risk, which entities can tailor to their own specific needs and technologies, rather than as an explicitly detailed or technical set of instructions".

RBNZ deputy governor and general manager of financial stability, Geoff Bascand says the intention is to illustrate current best practice and encourage continual improvement beyond these practices into all areas where entities can further strengthen their cyber resilience.

"The recent illegal data breach of a third party file sharing application used by the Reserve Bank is a timely reminder of the risks associated with managing and sharing information," Bascand says.

"As part of the investigation into the breach, the bank appointed KPMG to undertake an independent review of its systems and processes.

This report is due to be published in early May and we are committed to continuing our own improvements in this area and sharing any relevant lessons with the firms that we regulate."

According to the recently published guidance document boards of directors "...should be ultimately responsible for the cyber resilience of an entity".

"The board should ensure that it understands the cyber risk environment faced by the entity. If necessary, the expertise required to understand the cyber risk could be accessed through other experienced in-house staff or external independent organisations."

Guidance for what a cyber resilience strategy should look like is also covered in the document along with a section on capability building and options for "baseline" resilence and "enhanced" resilience.

Up Next Further evidence of booming market

Comments

No comments yet.

Sign In to add your comment

Read this next

Domestic data could signal inflation stall to the Reserve Bank

Thursday, April 29th 2021

New mortgage adviser association now officially open for membership

Thursday, April 29th 2021

More pain in store for mortgage holders

Thursday, April 29th 2021
Most Read

Get TMM delivered to your inbox each week

Sign Up

About

Connect

Our Network

TMM - The Mortgage Mag is 100% dedicated to delivering excellent news, video and information to all mortgage advisers in New Zealand. We deliver news to advisers through TMMOnline.nz and its associated email newsletter. Every two months we publish TMM - The Magazine. This is sent to all mortgage advisers. TMM is part of Tarawera Publishing Ltd. TPL is the oldest and largest publisher in NZ's financial adviser market.

© 2024 Tarawera Publishing Ltd | The New Zealand Mortagage Magazine