Explore the evolving landscape of fintech, the importance of regulatory considerations, and the role of cybersecurity in the payments system. Get tips for community bankers interested in fintech and learn about managing IT and cybersecurity risks.
Business Technology Discussion on Fintech, the Payments System and Cybersecurity
Jackie Nugent, Assistant Vice President
Thursday, May 9, 2019
Disclaimer: The views expressed in the following presentation are those of the presenter and the Federal Reserve Bank of Kansas City and do not necessarily reflect the views of the Federal Reserve System.
Innovation and Technology
“Change is surely coming, as financial products and services move onto interconnected platforms. As the sector evolves, it's important that all parties involved pay close attention not only to the technical questions, but to the requisite regulatory, policy, and legal considerations to ensure continued trust and confidence in the financial system.”
- Governor Lael Brainard, April 28, 2017
Fintech Innovation in the 10th District
• Mostly P2P payments adoption and alternative/marketplace lending
• Some examples of fintech partnerships, including first community bank-hosted fintech accelerator
• Cryptocurrency: “Crypto-friendly” state legislation in Wyoming
• Exploration of artificial intelligence, machine learning applications
• Nationally, the Independent Community Bankers of America (ICBA) plans to launch a fintech accelerator
Regulatory Perspectives on Fintech
• A number of high level workgroups have been established across the Federal Reserve System, including this Reserve Bank, to evaluate impact and policy implications.
• Our interests: Central bank policy objectives and socially beneficial and financially sound innovations
• If the marketplace and regulators can support responsible connectivity between fintech firms and supervised entities, such integration could benefit banks, particularly community banks.
• Although the landscape is changing, time-tested risk management tools remain applicable.
Tips for Community Bankers Interested in Fintech
• Build bank leadership and directorate knowledge
• Consider your strategic plan and risk tolerance:
• Opportunities and challenges?
• Strengths and weaknesses?
• Employ vendor risk management practices
• Evaluate organizational cultural match
• Consider compliance implications (e.g., consumer regulations and BSA/AML requirements)
• Talk with federal & state regulatory contacts
Payments Landscape
• In the U.S., a gap has emerged between the capabilities of traditional payment methods and the payment capabilities expected in the digital era – fast, convenient, accessible.
• Faster payments address this gap by allowing payments to be sent and received immediately, and at any time – 24 x 7 x 365.
• The Federal Reserve’s payments mission is to foster the integrity, efficiency, and accessibility of the payment system.
• In 2017, the industry asked the Fed to develop a 24 x 7 x 365 settlement service for faster payments, reflecting the Fed’s foundational role in the settlement of interbank obligations.
Federal Register Notice (Closed December 14, 2018)
• Potential actions the Fed could take to support a safe, modern payment infrastructure for interbank settlement of faster payments
• Real-time Gross Settlement (RTGS) and Liquidity management tool (LMT)
• 400+ total comments
P2P Payments Applications
Source: Statista and Cornerstone Advisors, as of December 2018
Managing IT and Cybersecurity Risk
• Regular audits of IT/cyber areas and timely resolution of audit findings. Audit programs should include:
• Penetration testing
• Vulnerability assessments
• Patch management
• Social engineering testing
• Assessing and controlling cyber risk
• FFIEC’s Cybersecurity Assessment Tool (CAT) – released in 2015
• Financial Services Sector Cybersecurity Profile – released Oct 2018
• Membership in information sharing organizations such as FS-ISAC and InfraGard
Managing IT and Cybersecurity Risk
• Incident response planning
• Regular review, approval, and testing
• Incorporate contact information for regulatory agencies, law enforcement, and critical third parties
• Variety of free or low cost resources to support plan testing, such as the FS-ISAC Cyber-Attack Payments Systems Exercises
• Incident Response References:
• Information Security Standards (GLBA)
• SR 05-23, Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice
IT Examinations
• Information Technology Risk Examination (InTREx) workprogram used for community and regional bank portfolios
• IT ratings remain stable and a significant majority of banks are rated satisfactory or better
• Common examination findings include:
• Adequacy and frequency of IT audits, penetration testing, vulnerability assessments, and social engineering testing
• Cybersecurity risk assessment processes
• Vendor risk management
• Incident response planning and testing
• Internal controls over electronic funds transfers, namely ACH and wires
Business Technology Risk Supervisory Contact Information
• Jackie Nugent, Assistant Vice President
• (816) 881-2462; Jackie.Nugent@kc.frb.org
• Max Gwin, Manager
• (303) 572-2536; Max.Gwin@kc.frb.org
• Dan McGonegle, Manager
• (303) 572-2393; Daniel.McGonegle@kc.frb.org
• Cory Nance, IT Coordinator and Senior Examiner
• (405) 270-8593; Cory.Nance@kc.frb.org
Resources
• Interagency Guidelines Establishing Information Security Standards
• FFIEC IT Examination Handbooks
• SR Letter 05-23: Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice
• SR Letter 13-19: Guidance on Managing Outsourcing Risk
• SR Letter 15-9: FFIEC Cybersecurity Assessment Tool for Chief Executive Officers and Boards of Directors
• Financial Services Sector Cybersecurity Profile