Fri | Sep 22, 2017

'Make sure cybercrime law protects, works for financial services sector'

Published:Friday | July 14, 2017 | 7:00 AMMcPherse Thompson
Julian Robinson, opposition spokesman on technology.

Opposition Spokesman on Information and the Knowledge Economy, Julian Robinson, has urged the financial services sector to form a working group to ensure that legislation to protect them against cyber criminals supports the needs of the industry.

Among those is the Cybercrime Act of 2015, which calls for a review after a three-year period, and a pending data protection law which is expected to be tabled in Parliament before year end.

Referring to the Cybercrime Act, Robinson asked financial sector participants at an anti-fraud seminar whether it is adequate and whether it meet the needs of the institutions, noting that "this is the mechanism that you have for dealing with people who are trying to attack you."

In that regard, he said, "you have to help and work with the Government to ensure that whatever is contained in that act is up to date, meets the needs of the industry and it can adequately prosecute people who are engaged in cyber criminal activities."

Robinson said it was important that the Jamaica Bankers Association (JBA) and the Jamaica Institute of Financial Services, which organised the seminar at the Terra Nova Hotel, St Andrew, where he was speaking on Thursday, has a working group that looks at the review of the Cybercrime Act.

The member of parliament also noted that data protection legislation on which they have been working since the last People's National Party administration "I can tell you will probably have the most far-reaching implication for financial services institutions that any other legislation in recent times."

Robinson said it will address how data has to be managed and accessed and that there are costs which will be associated with it.

He anticipates that a joint select committee of Parliament will examine the proposed legislation before it is tabled, "but you have to play a role in that process. You must play an active role. Financial services institutions more than any other because you have access to, in many cases, the most sensitive information on individuals apart from an RGD (Registrar General's Department) or the electoral office."

Upper-level awareness

Robinson noted that managing director of CIBC FirstCaribbean, Nigel Holness, who is also president of the JBA, attended the seminar, but there was no other chief executive from the financial services sector.

He said those who attended were the ones in the trenches who have the day-to-day responsibility for dealing with fraud issues, but awareness needs to get to the level above them. "And it has to get to the level of not just your CEOs, but your boards," added Robinson.

He referred to a recent KPMG cyber security survey of 800 companies in 28 countries which found that 56 per cent of them pay insufficient attention to cyber security, only a quarter had dedicated a paragraph to cyber security in their annual reports, and less than 20 per cent of the companies considered cyber risk as a boardroom responsibility.

"So we could be comforted that we are not much worse than the rest of the world, but we should not be comforted by that," Robinson said.

"I know I'm speaking to the choir here, but I want to equip you so you can have the conversation with those above you of why this is such an important issue for you to consider," he said.

"The attacks will come. Don't believe it is an if thing, it will come because as we speak there are some people somewhere in the world or in Jamaica trying to figure out how to get to your systems," said the Opposition spokesman.

More than any other institution financial services are probably at the top of the target list for cyber criminals, he said.

Holness told the Financial Gleaner that although the JBA recently released information on new trends, detection and prevention of fraud at ATMs and point of sales machines, organising a seminar to discuss those and other issues was important because "there's always the need to educate and continue to reinforce that education because you find that new entrants are coming into the market and they are unaware."

He said "it's a continuous process of educating and reminding so persons are aware of the threat that exists as well how to take the necessary precautions."

Holness said technology is advancing on a day-by-day basis. "It changes constantly and so it's important for us to identify these threats, inform ourselves as a financial sector, as well inform the public of the threat that's out there and how they can prevent it or help us to prevent it from taking place and impacting their lives," he added.

mcpherse.thompson@gleanerjm.com