Key messages for industry on cybersecurity, accountability and money laundering controls

• Sylvia Cronin: Making the financial sector more cyber resilient is a key concern for regulators
• Sylvia Cronin: Cyber risks present more than just a new set of risks to supervised firms, but also risks to consumers
• Seana Cunningham: Protected Disclosure reports as an important supervisory tool to assist the Central Bank in discharging its supervision and enforcement mandate
• Seana Cunningham: Improvement seen in controls around money laundering, but there is still some work to be done

In speaking events this week Central Bank directors Sylvia Cronin and Seana Cunningham delivered strong messages to financial firms about supervisory expectations.

Director of Insurance Supervision, Sylvia Cronin spoke today to the Insurance Supervision Agency of Slovenia on cyber risks. These risks, she said, present more than just a new set of risks to supervised firms. They can also expose consumers to undesired consequences related to personal security.

She said: “Regulators face a number of critical challenges in designing a regulatory framework for cyber risk. The most notable of these is how best to ensure that the standards they set actually encourage firms to be more ambitious in managing cyber risks as the technology continues to evolve. It is crucial that any regulatory framework avoids becoming a ‘checklist’ exercise in compliance; in an environment of rapidly emerging and evolving risk, a principles-based approach that has the flexibility to adapt to new challenges is crucial. Through the effective implementation of such an approach, we strive for positive outcomes for the protection of consumers and for preserving financial stability.”

Director of Enforcement and Anti Money Laundering, Seana Cunningham spoke yesterday to the Association of Compliance Officers. In her first major speaking engagement in the role, she told an audience of over 400 people about the Central Bank’s enforcement priorities and its approach to supervising Anti Money Laundering/Countering the Financing of Terrorism.

She said that the Central Bank was “committed to setting and requiring adherence to a clear regulatory framework within which firms and individuals hold themselves to the highest standards of compliance, and where risks are actively anticipated, identified, managed and mitigated in a timely and transparent manner.” She said the Central Bank will use its enforcement powers, and has done so, when firms or individuals fail to comply with regulatory rules. She also highlighted Protected Disclosure reports as an important supervisory tool to assist the Central Bank in discharging its supervision and enforcement mandate. She also mentioned individual culpability, which was the subject of her comments at an event in August.

She said the Central Bank had seen improvements in relation to AML/CFT. She said the understanding of ML/TF risks and AML/CFT obligations by firms has come a long way since 2012, saying “in recent times there has been a marked shift in the nature and scale of deficiencies being identified in firms. We have observed a move away from the more egregious deficiencies seen in the past, where controls may have been absent, to findings now that relate more to the depth, quality and sophistication of the actual controls in place.”