21 February 2018
Dan Barnes


Dan Barnes - Information Corporation

Future Finance News Analysis

Finextra and Oracle have gathered together some of the industry's top thought leaders to assess the key trends and issues within transaction banking, regulations and retail banking. This group will analyse the latest news on upcoming regulations, new service offerings and industry issues shaping the new financial services landscape with regular blog posts, video interviews, webcasts debates and surveys.

Smartphones can unlock bank vaults

15 April 2014

Apps are making the banking sector more vulnerable to cyber-attack, say European regulators, who recommend that firms hold capital as insurance against such an event. The ‘Joint Committee Report on risks and vulnerabilities in the EU Financial System’ is just as applicable to financial institutions elsewhere in the world, providing an assessment of the challenges that they face in delivering innovation, under intense scrutiny from regulators and predatory criminals. If read alongside the reports from last year’s cyber-attack scenarios in the UK and US (Waking Shark 2 and Quantum Dawn 2), it is clear that vulnerabilities are opening up while an industry-wide consciousness of the risks that an attack poses is relatively nascent.


Q: Do regulators think that iPhones are going to bring down the markets?

A: The report, produced by the European Securities and Markets Authority (ESMA), the European Banking Authority (EBA), European Insurance and Occupational Pensions Authority (EIOPA) and the Joint Committee of European Supervisory Authorities, says, “Pressure to get products to markets, particularly in the mobile space, is also a source of risk as sufficient time to test before go-live dates is squeezed.” So really they are warning that competitive pressures might lead to shortcuts. They note that outsourcing and cloud computing should be carefully supervised in the same vein.

Q: Budgets are tight and profits are a bit wobbly…

A: Exactly. So taking risk is the only way to try and keep one’s head above water. Or rigging the markets, but no-one would do that.

Q: Haven’t banks passed their annual ‘Virus and hackers’ exam?

A: In the UK and US they underwent tests last year to see if they could weather attacks; however, certain banks in the UK (and elsewhere) have seen their websites taken out of action by denial-of-service attacks, and a reliance on legacy systems across the industry means that there are a few weak spots which could be vulnerable. Besides, an attack on an app might not want to take a bank out – it might want to keep it alive so it can feed off its customers’ accounts.

Q: A financial mosquito?

A: Quite. The test showed that it would be hard to take out the whole capital markets infrastructure, even with a lot of aggression (the US event included a sell-off in target stocks using stolen administrator accounts; counterfeit and malicious telecommunication equipment to hamper the investigation into the sell-off; fraudulent press releases on target stocks; a distributed denial of service attack; corruption of the source code of an equity market application; a phishing scam; and a custom virus attacking post-trade processing). Most financial infrastructure firms were hit by cyber-attacks in 2012; goodness knows how much the banks are getting hit for.

Q: So what do regulators recommend?

A: Put more in the IT budget and don’t think of it as a flexible cost – “it is important to ensure that IT systems and related internal controls are safeguarded against adverse budgetary implications.”

They also warn against the use of outdated legacy kit, noting that, “interaction with legacy or heterogeneous IT systems deserves heightened attention, as particular weaknesses, such as inability to cope with volume of use, can be identified here… even the maintenance of existing infrastructures is not sufficiently addressed in some cases, and needs to rapidly adapt to new threats which are not always fully provisioned within existent budgets.”

Q: So buy more technology?

A: Stop using steam engine-run mainframes.

