How Standard Chartered approaches cyber security

Speaking at the ConnectGov Leaders Summit 2020, Darren Argyle, Standard Chartered’s group chief information security risk officer, said “seamless security” was being built into new banking platforms and digital banking services in a security-by-design approach.

Besides offering traditional banking services, the bank operates digital-only banks in Africa, and more recently in Hong Kong.

To secure these services, it uses secure application programming interfaces to facilitate dynamic exchange of transactions within financial systems, as well as verification and authentication mechanisms.

“Digital transformation and having the confidence of our customers goes hand in hand,” said Argyle. “We’re continuing to maintain that sustainable trust over the longer term.”

Like other large organisations, Standard Chartered has had its share of cyber attacks, including phishing threats which have grown by 31% since the start of the year. The bank is also concerned about the rising number of ransomware attacks on third-party suppliers across the industry.

Argyle said he hoped third-party suppliers would get a handle on their security posture, “given the difficulties that a lot of companies are having with remote working, which is stretching people quite thinly”.

Banks need stronger cyber security - RBNZ

Reserve Bank deputy governor Geoff Bascand - responsible for financial stability - said improving cyber resilience had become a key priority for regulators around the world.

The central bank's draft guidance on the topic would apply to all the entities it regulated and draws heavily from international and national cybersecurity standards and guidelines.

"As cyber risk continues to rise, there is growing awareness that cyber incidents could present risks to the stability of the entire financial system," Bascand said.

He said the recent spate of cyber attacks across New Zealand was a reminder of the disruption they can cause.

"Last November we announced an evolution in our policy stance towards taking a more proactive interest in improving the cyber resilience of the financial sector in New Zealand."

Consultation on the draft closes 29 January, with the final guidance to be released early next year.

"We are open to feedback on the guidance, but we expect it will be useful for firms as they develop their own frameworks to address the cyber risks they face," he said.