The Committee on Payments and Market Infrastructures (CPMI) has set out a plan to improve the security of wholesale payments that involve financial institutions in a bid to prevent a repeat of last year’s $81 million Bangladesh Bank hack. Last September, following a rising number of sophisticated cyber-attacks on the financial services sector, not least a series of hits on banks using the Swift interbank messaging network, the CPMI set up a taskforce in 2016.
Led by Lawrence Sweet of the Federal Reserve Bank of New York and Johan Pissens of the National Bank of Belgium, the taskforce has now come back with a discussion note that sets out seven elements designed to address all areas relevant to preventing, detecting, responding to and communicating about wholesale payments fraud.
The consultative document, Discussion note – Reducing the risk of wholesale payments fraud related to endpoint security, aims to help focus industry efforts to tackle the increasing threat of wholesale payments fraud. The work will help to maintain confidence in the integrity of the wholesale payment ecosystem and, in doing so, support financial stability.
The strategy stresses the importance of understanding the full range of risks and calls upon all relevant public and private sector stakeholders to take a holistic and coordinated approach.
The stocktaking of current practices undertaken by the task force revealed knowledge gaps and inconsistent approaches among other weaknesses. As a result, potentially important opportunities to strengthen the wholesale payment ecosystem were identified.
“Wholesale payments fraud is becoming increasingly sophisticated and is expected to evolve further. We need to move fast, and together, to guard against any loss of confidence in the system,” said CPMI Chairman Benoît Cœuré.
The CPMI is now seeking input from relevant stakeholders. After the consultation, it plans to develop guidance on each of the seven elements to help operators and participants of payment systems and messaging networks as well as their respective supervisors, regulators and overseers improve endpoint security. The proposed guidance will be developed by early 2018.
Comments on the proposed strategy should be submitted by Tuesday 28 November 2017 via e-mail to the CPMI Secretariat. All comments may be published on the website of the Bank for International Settlements unless a respondent specifically requests confidential treatment.