Event Highlight

Enhancing Cybersecurity and Financial Resilience in a Digital Banking Era

By Sherry Yu MIA ’24
Posted Oct 11 2023
L-R: Patricia Mosser, Ari Redbord, Chris Feeney
L-R: Patricia Mosser, Ari Redbord, Chris Feeney

 

Cybersecurity is a team sport with deep interconnection between different sectors. So said SIPA’s Patricia Mosser when she moderated a recent panel on “Enhancing Cybersecurity and Financial Resilience in a Digital Banking Era.”

Mosser, who leads SIPA’s Initiative on Central Banking and Financial Policy, is a senior research scholar at the School and director of its MPA Program in Economic Policy Management. She is also part of SIPA’s Program on Cyber Risk to Financial Stability.

The panel was part of the Seventh Annual Fintech Conference hosted by the Federal Reserve Bank of Philadelphia on September 7 and 8. Mosser also served on the conference’s organizing committee.

The panelists were:

  • Graham Steele, Assistant Secretary for Financial Institutions, US Department of the Treasury
  • Chris Feeney, Executive Vice President, Bank Policy Institute
  • Brian Heemsoth, Executive Vice President and Chief Information Security Officer, FIS Global
  • Ari Redbord, Head of Legal and Government Affairs, TRM Labs.
  • Katheryn Rosen, Managing Director and Global Head of Regional Information Security, JPMorgan Chase

Early in the discussion, Steele introduced the concepts of "fragmentation" and "concentration" within the realm of fintech cybersecurity. He said that due to the diverse range of products and services involved in this technological landscape, a breach by a malicious actor could have far-reaching consequences. Issues can also arise from either excessive or insufficient concentration, as illustrated by the challenges posed by cloud services. Determining the appropriate division of security responsibilities between cloud providers and their customers can complicate collaborative efforts and create obstacles for government agencies in their oversight efforts.

L-R: Patricia Mosser, Ari Redbord, Chris Feeney, Brian Heemsoth, Graham Steele, Katheryn Rosen
L-R: Joining Mosser, Redbord, and Feeney on the panel were Brian Heemsoth, Graham Steele, and Katheryn Rosen.

Chris Feeney further highlighted the challenges associated with introducing new requirements, especially when they don’t align with existing ones. He proposed a solution where front- and second-line workers should optimize how they allocate their time to specific tasks. He also noted that the White House has included solving requirements harmonization as part of the national strategy.

Steele and Heemsoth both discussed the obstacles related to sharing information, citing the conflict between Russia and Ukraine as an example. They highlighted that governments and industries each face vulnerabilities stemming from inadequate communication channels. Heemsoth went on to underscore the crucial role of information sharing, particularly for smaller private-sector entities, in enhancing resilience against cyber threats.

Redbord introduced a different perspective to the discussion, concentrating on financial investigations. He pointed out that illicit financial risks are commonly associated with blockchain technology. Nevertheless, investigators are increasingly leveraging blockchain technology on their side to track illegal activities and combat money laundering. Even the general public can conduct advanced investigations using publicly available resources. It is of paramount importance, he said, to determine the most effective ways to harness technology for the purposes of justice and protection.

Rosen also emphasized the challenge of operational collaboration when it comes to sharing information between governments and private sectors. She cited ARC (the Analysis & Resilience Center for Systemic Risk) as an example, highlighting how it represents a successful collaborative initiative between the US Department of Homeland Security and industry.

During the discussion of current challenges, the panelists suggested that regulations are struggling to keep pace with a rapidly changing environment. There is a significant need for guiding principles, they said, particularly in smaller sectors where resource constraints are a factor. Effective information sharing is also in high demand to build trust among people, necessitating increased collaboration between government and industry stakeholders.

The discussion concluded by highlighting the potential for collaboration between the government and the cryptocurrency industry to bolster cyber threat defense. The central focus remained on the importance of sharing information and establishing a robust model structure.

In addition to the host Philadelphia Fed, co-sponsors included Columbia SIPA, the Wharton School of the University of Pennsylvania, the University of Cambridge, the Brookings Institution, and the Bank Policy Institute.

Watch the complete discussion: