Global Head of Securities Services
Cyber risk in securities services: Be alert
The securities services industry needs to be on top of cyber security otherwise it could face severe consequences, and it is something the delegates at the inaugural Network Forum Annual Meeting in Warsaw were under no illusions about. The Standard Chartered white paper highlighted core cyber risks to securities services including the theft of assets, misappropriation of customer data, data corruption or manipulation, disruption to clearing and settlement, or a DDoS attack on corporate actions which could cause significant delays to transactions. Depositaries are held liable by the Undertakings for Collective Investment in Transferable Securities V (UCITS V) and the Alternative Investment Fund Managers Directive (AIFMD) for assets that go missing in custody, so the cyber security risks associated with asset safety must be prioritized by providers of custody.
The consequences of failing to implement a robust cyber security regime are major, and often lead to monumental losses. For example, a bank could face huge claims from clients in the aftermath of a significant hack or cyber security incident, and it would be practically a mission impossible for organizations to prevent the misuse of leaked information. Recovering stolen files would be an unenviable problem, and it would involve equally massive reputational risk. Even if a firm recovered from the breach and the associated PR fall-out, regulators would scrutinize what went wrong, and this could precipitate civil or criminal proceedings.
With the stakes being so high, an organization’s cyber protection framework has to be excellent. The securities services industry faces several issues which may make it harder to adequately confront cyber risks. The most obvious is that much of the industry still uses legacy technology, which is infused with structural flaws that may prove vulnerable to hackers. But it is not simply ageing infrastructure which is susceptible to attacks. Technologies like blockchain or Artificial Intelligence (AI) are still in the trial stages of their development. The paradox is that while these technologies could be used to mitigate cyber risks, overly hasty adoption of such disruptors could render such organizations more vulnerable to cyber risks, particularly if they do not fully understand the technology.
Addressing the problem
About the Author
Margaret is responsible for the strategic leadership of the Securities Services business globally, managing all the business unit functions including Operations, Technology, Client Management, Business Development and Product Management. She also leads the business agenda with Financial Institution clients on a worldwide basis, across cash management, securities services and trade finance.
Euromoney and Standard Chartered will be running a series of webinars on debt capital markets. The next will be ‘India states’ finances and borrowings: The other half of the story’ on July 19. Find out more.
This material has been prepared by Standard Chartered Bank (SCB), a firm authorised by the United Kingdom’s Prudential Regulation Authority and regulated by the United Kingdom’s Financial Conduct Authority and Prudential Regulation Authority. It is not independent research material. This material has been produced for information and discussion purposes only and does not constitute advice or an invitation or recommendation to enter into any transaction.
Some of the information appearing herein may have been obtained from public sources and while SCB believes such information to be reliable, it has not been independently verified by SCB. Information contained herein is subject to change without notice. Any opinions or views of third parties expressed in this material are those of the third parties identified, and not of SCB or its affiliates.
SCB does not provide accounting, legal, regulatory or tax advice. This material does not provide any investment advice. While all reasonable care has been taken in preparing this material, SCB and its affiliates make no representation or warranty as to its accuracy or completeness, and no responsibility or liability is accepted for any errors of fact, omission or for any opinion expressed herein. You are advised to exercise your own independent judgment (with the advice of your professional advisers as necessary) with respect to the risks and consequences of any matter contained herein. SCB and its affiliates expressly disclaim any liability and responsibility for any damage or losses you may suffer from your use of or reliance on this material.
SCB or its affiliates may not have the necessary licenses to provide services or offer products in all countries or such provision of services or offering of products may be subject to the regulatory requirements of each jurisdiction. This material is not for distribution to any person to which, or any jurisdiction in which, its distribution would be prohibited.
You may wish to refer to the incorporation details of Standard Chartered PLC, Standard Chartered Bank and their subsidiaries at http://www.standardchartered.com/en/incorporation-details.html.
© Copyright 2017 Standard Chartered Bank. All rights reserved. All copyrights subsisting and arising out of these materials belong to Standard Chartered Bank and may not be reproduced, distributed, amended, modified, adapted, transmitted in any form, or translated in any way without the prior written consent of Standard Chartered Bank