EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

Regulation of Cyber Risk in the Banking System: A Canadian Case Study

Maziar Peihani

Journal of Financial Regulation, 2022, vol. 8, issue 2, 139-161

Abstract: Cyberrisk is one of the greatest threats facing any modern financial system; a result of increasing dependence on technology and the appeal of troves of personal data to well-equipped hackers. This article examines the governance of cyber risk in the Canadian banking system in the context of the Covid-19 crisis, which has led to a surge in cyber-attacks. It argues that the existing Canadian regime, which draws heavily on the Basel operational risk framework, is unfit to handle the unique challenges posed by cyber risk. Cyber incidents are unlike traditional operational disruptions in both their dynamism and impact, and are not adequately captured by backward-looking proxies, such as historical losses. There is also a mismatch between the traditional risk-based supervision, which relies on annual risk rating of banks, and the quickly changing cyber profile of regulated entities. Furthermore, the bilateral and institution-specific nature of such supervision leaves out the crucial systemic perspective on cyber risk. This article calls for the current quantitative paradigm, which underlies capital adequacy regulation, to be complemented with a resilience-centric approach aimed at better accommodating and learning from unpredictable cyber incidents. This shift requires revisiting traditional supervisory practices, such as extensive reliance on centralized decision-making and planning—which may prove ineffective in the face of a firm-wide cyber incident—and a dynamic approach that keeps regulation in line with emergent knowledge. The article outlines a number of strategies which can help banks and regulators navigate and adapt to the ever-changing cyber landscape.

Keywords: banks; Basel Accords; cyber risk; operational risk; systemic cyber risk; third-party service providers (search for similar items in EconPapers)
Date: 2022
References: Add references at CitEc
Citations: View citations in EconPapers (3)

Downloads: (external link)
http://hdl.handle.net/10.1093/jfr/fjac006 (application/pdf)
Access to full text is restricted to subscribers.

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:oup:refreg:v:8:y:2022:i:2:p:139-161.

Access Statistics for this article

Journal of Financial Regulation is currently edited by Dan Awrey, Geneviève Helleringer and Wolf-Georg Ringe

More articles in Journal of Financial Regulation from Oxford University Press
Bibliographic data for series maintained by Oxford University Press ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-03-19
Handle: RePEc:oup:refreg:v:8:y:2022:i:2:p:139-161.