OTTAWA — Canada should consider strengthening regulations to safeguard the country’s financial system against potential cyberattacks, a top Bank of Canada official said on Tuesday.
The comments come ahead of the release next week of the central bank’s biannual survey of financial sector risk management experts, which is expected to cite cyber security as a concern. Last spring’s survey identified cyber security incidents as the greatest risk to the Canadian financial system.
“We need to increase our focus on the resilience of the financial sector,” Filipe Dinis, the Bank of Canada’s chief operating officer, told a Toronto business audience in a speech.
“That means we should consider updating the balance of the current regulations and think about the necessary trade-offs to do so,” he said.
Cyber security has long been a preoccupation for Canada’s central bank. In a 2017 interview with The Canadian Press, Bank of Canada Governor Stephen Poloz said the threat of a cyberattack was in many ways “more worrisome than anything else.”
Watch: Here’s what to do if you’ve been hit by a data breach. Story continues below.
Canada’s regulatory framework, Dinis said on Tuesday, should encourage collaboration and information sharing to reduce the risk of a cyberattack, which he said has been amplified by society’s increased interconnectedness.
Regulators could consider putting in place “trusted and secure” channels to transmit sensitive information while ensuring institutions are protected, he suggested. Governments could also look at mandating industry-wide preventative testing, developed in conjunction with regulators and intelligence agencies.
Those tests should also include input and participation from major players outside of the financial sector, including telecommunications, energy and transportation.
Rules that rely primarily on financial penalties could also be enhanced.
“If company management is unable to accurately gauge the risk of a systemic cyber event, it may well decide the fine for noncompliance is a cost that is worth paying,” Dinis said.
Globally, countries should aim to create legislative reforms that are compatible with international norms to boost cross-border co-operation and decrease opportunities for companies to exploit jurisdictions with weaker cyber security regulations.
“There are no walls between countries when it comes to cyberattacks,” Dinis said.
With files from Fergal Smith