{"title":"Regulation of Cyber Risk in the Banking Sector: A Canadian Case Study","authors":"Maziar Peihani","doi":"10.2139/ssrn.3880115","DOIUrl":null,"url":null,"abstract":"Cyber risk is one of the greatest threats facing any modern financial system, a result of increasing dependence on technology and the appeal of troves of personal data to well-equipped hackers. This article examines the governance of cyber risk in the Canadian banking system in the backdrop of the COVID-19 Crisis which has led to a surge in cyber attacks. It argues that the existing operational risk framework, developed by the Basel Accords, is unfit to handle the unique challenges posed by cyber risk. Cyber incidents are unlike traditional operational disruptions in both their dynamism and impact, and are not adequately captured by backward-looking proxies, such as historical losses. There is also a mismatch between the traditional risk-based supervision, which relies on annual risk rating of banks, and the quickly changing cyber profile of regulated entities. The article calls for a paradigm shift in banking regulation such that cyber resilience is set as an explicit regulatory objective for both individual firms and the system as a whole. It outlines a number of strategies which can help banks and regulators navigate and adapt to the ever-changing cyber landscape.","PeriodicalId":11797,"journal":{"name":"ERN: Regulation (IO) (Topic)","volume":"25 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2021-07-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ERN: Regulation (IO) (Topic)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.2139/ssrn.3880115","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 1
Abstract
Cyber risk is one of the greatest threats facing any modern financial system, a result of increasing dependence on technology and the appeal of troves of personal data to well-equipped hackers. This article examines the governance of cyber risk in the Canadian banking system against the backdrop of the COVID-19 crisis, which has led to a surge in cyber attacks. It argues that the existing operational risk framework, developed by the Basel Accords, is unfit to handle the unique challenges posed by cyber risk. Cyber incidents are unlike traditional operational disruptions in both their dynamism and impact, and are not adequately captured by backward-looking proxies, such as historical losses. There is also a mismatch between traditional risk-based supervision, which relies on annual risk ratings of banks, and the quickly changing cyber profile of regulated entities. The article calls for a paradigm shift in banking regulation such that cyber resilience is set as an explicit regulatory objective for both individual firms and the system as a whole. It outlines a number of strategies which can help banks and regulators navigate and adapt to the ever-changing cyber landscape.