Nico BINSFELD opened this session by stressing the importance of capacity building in order to strengthen cyber security in the South. He then introduced the panellists.
Xavier MOMMENS of the European Investment Bank (EIB) highlighted that digital financial services have increased the total account penetration in the South. There is a huge opportunity to scale up good practices. Therefore, the EIB carried out several studies and pilot projects in Kenya, Morocco and Jordan to understand how Digital Financial Services (DFS) can be improved and tailored to specific market needs. Examples of potential EIB actions in digital finance could be investing in a digital finance platform or providing technical assistance for existing credit lines aimed at reaching financially excluded communities in remote areas. He then introduced the next speaker by providing the example of TESCO Bank which lost USD 3 million after a cyber-attack. This shows that risk mitigation is key for digital financial services for the poor. Financial institutions and their business environment need to have sufficient capacity to mitigate risks related to digital services in order to prevent cyber-attacks.
Jean-Louis PERRIER presented why cyber security matters for digital finance and financial inclusion, providing an overview of cyber security in Africa. There has been an explosive growth in cyber-attacks worldwide by professional criminal organisations. As financial inclusion and access to digital financial services are growing in Africa, the continent becomes a more interesting target for cyber-attacks. In the period 2014-2016 losses amounted to more than USD 1 billion. Linking to the earlier example of TESCO Bank, the speaker stressed that small financial institutions are especially vulnerable since they have smaller cyber security budgets. Perrier illustrated that cyber intrusions are inevitable, but it is key that financial institutions prepare and implement continuous improvement mechanisms for intrusion prevention, early detection, and remediation by bringing international best practices to the financial inclusion sector.
Perrier then presented the case of cyber security in Senegal. He started his involvement in Senegalese cyber security during an economic mission of Luxemburg to the country in early 2016. It became clear that Senegal had significant challenges in IT security that needed to be addressed. Between 2014 and 2016, various state agencies and financial institutions were victim of cyber-attacks. This resulted in a financial loss of USD 23 million in Senegal, customer data theft and denial of digital financial services for consumers. The attacks reduced both consumer and government trust in digital financial services.
Co-financed by the Luxemburg government, Perrier introduced his cyber security solution for the financial sector of Senegal. In 2017, the first cyber security operational centre in Sub-Saharan Africa will commence its activities in Dakar. The centre, managed by Suricate Solutions and local partner APSFD, will provide services for multiple Senegalese financial institutions to continuously monitor IT infrastructure in order to prevent, detect and assist in counter attacks. The team, composed of Senegalese staff, will take on the task of continuous monitoring but can call in the assistance of a team of security specialists based in Luxemburg in case of emergency.
Sidy LAMINE NDIAYE of APSFD Senegal emphasized the need for cyber security in Senegal. The Senegalese microfinance sector has grown substantially and is now the largest market in Western Africa. Over 98% of MFIs use digital applications and 51% of Senegalese customers are using digital financial services such as mobile money accounting for approximately 200 thousand transactions per day in Senegal. These figures show the need to secure the many IT platforms available in the market as they form a serious risk.
Ahmed DERMISH, global tech specialist for the Mobile Money for the Poor (MM4P) programme of UNCDF, provided a regulatory perspective on cyber security and financial inclusion. He mentioned that increasing financial inclusion brings responsibility to offer stable and reliable digital financial services to consumers. Although financial institutions want to offer easy-to-use services to customers, cyber-attacks can seriously damage the trust of customers as well as governments in digital financial services. Dermish noted that regulators have limited capacity to regulate cyber security due to a lack of technological knowledge as well as the overlapping ministerial domains in which digital financial services often take place. He stressed the need for capacity building to increase knowledge on technological innovations as well as intra- and inter-ministerial cooperation and coordination. The speaker closed his presentation by providing good practices of regulations in New York State, the EU and the United Kingdom that mitigate risks of cyber-attacks for the financial institution as well as the consumer.
The moderator asked the panellists about the costs of cyber security. Perrier answered that the costs amounted to more than EUR 100 thousand for the initial set-up of the security system. However, the operational costs will be significantly lower. He also stressed that costs per institution can drop significantly when more MFIs participate in the system.