Cyber attacks pose a significant threat to the global financial system, Reserve Bank head of prudential supervision Toby Fiennes warned today.
However, while the Reserve Bank had considered introducing more prescriptive cyber security requirements it had decided not to do so "at this stage".
“We doubt that prescriptive regulations would appreciably improve the outcome, when the technology and threat landscape are both changing so rapidly," Fiennes said in a speech delivered to the Future of Financial Services conference in Auckland.
"We will, however, review this policy stance from time-to-time to ensure that it remains appropriate."
Firms, regulators and others all have a part to play in managing cyber risks in order for us to enjoy the benefits of new financial sector technology, he said.
“The dynamic cyber environment means organisations have to be nimble in their approach to cyber security - focused on outcomes, rather than prescriptive compliance exercises.
"The nature and incidence of cyber risk is unique, meaning that typical approaches to risk management and disaster recovery planning may not be appropriate."
While cyber vulnerabilities can be mitigated, the potential sources of cyber threats and the attack footprint were broad and can never be eliminated, he said.
The ‘WannaCry’ ransom-ware attack and the more recent ‘Notpetya’ attack highlighted the need to better manage cyber risk..
The Reserve Bank was closely watching the emerging wave of "digital disruption" in the financial sector, which in the short term may result in new risks and increased instability.
While the long term impact of digital disruption of the banking sector may improve the efficiency of the financial system, the long-term impact on financial system soundness was less clear, Fiennes said.
“We’re working with other agencies, such as the FMA and Ministry of Business, Innovation and Employment, to ensure that New Zealand presents an environment where digital financial innovation can flourish, provided it is done safely."
The Reserve Bank and FMA have, however, agreed with government on the need to regulate other forms of financial markets infrastructure, such as payments and clearance systems.