Things are continuing to get interesting in the banking world. The European Banking Authority last week stated that national regulators in Europe should stress test financial institutions to assess their vulnerability to hackers and force them to hold more capital if they are not doing enough. And SWIFT, a critical messaging system within the financial system, has unveiled a “customer security programme” that includes plans to audit its 11,000 member institutions to check that their own security is up to scratch. By the way, SWIFT handles a mind-boggling $6 trillion transfers every day.
The new program will focus on five mutually reinforcing strategic initiatives:
- Improve information sharing amongst the global community. SWIFT will require more information from their customers, and share relevant information back with their community.
- Enhance SWIFT related tools for customers. SWIFT will further strengthen security requirements for customer-managed software to better protect local environments.
- Enhance guidelines and provide audit frameworks. SWIFT will further enhance security and operational baselines, and develop related audit standards and certification processes for the secure management of SWIFT messages at customer sites.
- Support increased payment patterns control. SWIFT will share best practices for fraud detection at the receiving bank, and will explore the feasibility of tools that would detect anomalies on their own network, for example as an ‘opt-in’ service to their customers
- Enhance support by third party providers. A structural enhancement of their customers’ security, as outlined above, requires the extensive support of third party providers: security software and hardware, consulting and training, implementation services, providers of fraud detection solutions, interface vendors, service bureaus, auditors and others. SWIFT plans to foster such a secure ecosystem.