ANTONINO FAZIO | Directorate General for Markets and Payment Systems, Bank of Italy
FABIO ZUFFRANIERI | Directorate General for Markets and Payment Systems, Bank of Italy
This paper outlines how a paradigm shift is required when approaching cyber risk management for interbank payment systems, which are affected by the growing interconnection of systems, the digitization of financial services, and the continuously evolving cyber threats. In this scenario, cyber threats may derive from a wider number of actors, who are constantly active on the internet and able to exploit an increasing number of vulnerabilities and attack vectors to achieve their goals. Financial institutions should, therefore, assume that specific cyber threats can overcome any defence.
Firstly, the paper outlines the theoretical reasons for this necessary paradigm shift. Secondly, it aims to highlight the importance of all the stakeholders in strengthening the cyber resilience of payment systems, in particular the central and enabling role of messaging service operators, by providing an analysis of a real case study – the recent Bangladesh Bank cyber fraud. Finally, the paper aims to encourage discussion on the new paradigm and the adequacy of current regulatory frameworks and supervisory approaches.