A Security Vulnerability Assessment (SVA) is a useful tool for international banking because this field requires powerful measures of security control. International banks depend on their digital systems, must comply with regulatory standards to avoid fines and bans, and should satisfy their customers’ demands to maintain competitiveness. They should respond quickly to attacks around the globe, but it is better to implement an SVA to mitigate risks proactively. The application of SVA in an international bank has its peculiarities:
During the planning, the security team should consider skilled workforce, hardware, and software as resources for testing, rate the roles of utilized systems, and the chances of technical failures which could lead to security endangerment (Rahalkar, 2018). Upgrades could affect the control performance, and regular business operations could be slowed down due to testing. Therefore, the security testing operations should be tailored to a particular bank’s needs.
Testing should be done regularly with a risk-based approach to be adaptive to emerging threats (Rahalkar, 2018). The material impact of each risk is an essential aspect.
There are guidelines and recommendations created for banking institutions that could be considered during the security testing process (Kannan & Selvaraj, 2018). For example, the Wolfsberg recommendations for implementing anti-financing terrorism and anti-money laundering policy, the ICC’s guidelines on Trade Finance Operations, and the Customer Security Program by SWIFT for international payments.
The IT security policy of a bank includes aspects related to servers, networks, databases, directory structures, operating systems, and staff and customer awareness of the security policy standards.
All things considered, international banks should apply a Security Vulnerability Assessment as a routine procedure to meet the required customer service and quality standards. However, during the testing, it is crucial to utilize well-defined industry recommendations designed to suit the specific needs of international banking and reflect the issues related to peculiar aspects of the organization. An effective assessment should be applied in the organization’s culture frames and adjusted to changes and modifications.
The discussions about the effectiveness of prescriptive government regulations compared to industry’s performance-based regulations arise from time to time. Some people think that prescriptive government regulations could get in the way of businesses, while others emphasize that companies tend to focus only on financial aspects of safety performance. However, both types of regulations have their advantages and disadvantages.
Prescriptive government regulations apply control methods to safety, identify expectations at every production stage, utilize precise and mandatory criteria, and are verified through heavy inspections with fines in case of rule violations (Bahr, 2017). Examples are the U.S. Federal Railroad Administration Regulations and the U.S. Occupational Safety and Health Administration for General Industry. Disadvantages of prescriptive government regulations include their cost to the regulated organization and government, their labor-consuming character, and lack of flexibility (Bahr, 2017). They make people focus on compliance and avoid innovations and encourage them to conceal problems. However, they provide some benefits as they could be useful for a new industry without much experience in regulations.
Performance-based regulations rely on a safety case approach and a quantitative risk assessment to articulate an adequate residual risk level with safety audits by a third-party assessor (Bahr, 2017). It is common in commercial nuclear power, offshore oil and gas, and rail transport industries. Its disadvantages include the probable tensions with society on the question of acceptable risk and the requirements of a regulator’s level of knowledge and skills (Radvanovsky & McDougall, 2019). They focus on only the greatest risks with the exclusion of potential hazards which could lead to “black swan” accidents.
Therefore, considering the strengths and weaknesses of these types of regulations, the best solution seems to be finding a balance between people-oriented safety regulations provided by the government and the organization’s ability to be innovative and sustainable. When choosing the most appropriate regime, it is useful to think of the specific industry’s features. The prescriptive regulatory process could help outline regulations for an innovative company, but the mature industries might benefit from performance-based regulations meeting their needs.
References
Bahr, N. J. (2017). System safety engineering and risk assessment: A practical approach (2nd ed.). CRC Press.
Kannan, S. R. & Selvaraj, C. (2018). Bank of the future: Minimize technology risk, maximize business return. Wolters Kluwer.
Radvanovsky, R. & McDougall, A. (2019). Critical infrastructure: Homeland security and emergency preparedness (4th ed.). CRC Press.
Rahalkar, S. (2018). Network vulnerability assessment: Identify security loopholes in your network’s infrastructure. Packt Publishing.