Cybersecurity as a Key Prerequisite for Digital Financial Inclusion and Innovation

The Hague, the Netherlands

CEIP-IMF-WBG-WEF Conference on Financial Inclusion and Cybersecurity Virtual Meeting | 10 December 2020 | 1:00 pm (CET)

The UNSGSA, pictured with IMF Managing Director Kristalina Georgieva, delivered virtual opening remarks at the Conference on Financial Inclusion and Cybersecurity.

Thank you very much Mr. Burns for your kind introduction, and for introducing this very important subject. Ms. Georgieva, Managing Director of the IMF, Distinguished Guests, Ladies and Gentlemen,

I’m delighted to join you virtually for this important conference. 

Today, we have a great chance to focus on cybersecurity as a key prerequisite for digital financial inclusion and innovation.

Through collaboration with financial inclusion and cybersecurity colleagues — as well as harnessing the knowledge and support of development partners — we can mitigate the serious damage that cybercrime can cause the poor and underserved, and help bolster their trust in digital financial services.

This conference is very timely. As many of you will know, one of the silver linings of the COVID-19 pandemic is the key role that digital financial services have played to help countries weather the crisis and explore new opportunities. Over 200 nations have expanded social protection measures, many using digital payments providers to make transfers directly into bank accounts or mobile wallets. And digital technologies have supported the shift from in-person to online payments for goods and services and given access to the digital economy. 

Yet, across developing countries, poor people who are already struggling with the health and economic impact of the pandemic, are increasingly targeted by online fraudsters. Social engineering attacks, data breaches, and system outages inflict real harm. The consequences of losing even small amounts of money on the poor can be devastating.

This highlights the need for improved digital literacy and consumer awareness of cyber-hygiene as a joint responsibility of customers, policymakers, and the private sector. Particularly, as in most developing countries, when a cyber incident occurs it is the customers who are liable for losses and carry the burden of proof.

Beyond financial inclusion, growing cybersecurity risks threaten financial sector stability and integrity, as well as financial consumer protection. And cyberattacks also threaten digital financial service providers with potentially irreparable reputational damage that could lead to loss of market share and weaken incentives to innovate.

Even prior to the pandemic, industry players and governments in emerging markets were increasingly aware of the need to develop regulatory frameworks, industry guidance and supervisory processes.

Cybercrime has been on the rise with over a billion US dollars lost from cyberattacks in the African banking sector in 2017 alone. Most African financial service providers do not carry out security testing, keep up-to-date cybersecurity trends, and almost all cybersecurity incidents went unreported. Mobile money providers may be at risk particularly when their applications lack basic security controls such as data encryption.

Moving forward, working together to put in place a coherent approach to enhance cybersecurity capacity in developing economies will be key, especially across Africa.

For the policymakers, there is much to learn from peer regulators and supervisors who have successfully devised tools to deal with cybersecurity, such as Ghana’s or Nigeria’s Cybersecurity Framework. Building up regulatory and supervisory capacity, as well as having cybersecurity as an important pillar in long term digital plans and strategies will be critical. This includes having dedicated staff incorporate cyber risks into existing supervisory tools, such as checklists, and designing new regulatory approaches.

For the private sector, there are several important roles, including harmonizing industry standards and establishing good business practices to build trust among customers. The private sector can use security-by-design approaches, build cybersecurity competencies inside their firms, and increase support for government initiatives with additional resources.

For development partners, there is a key part to play in providing the technical assistance and financial support for this journey. It is encouraging to already see the increasing prioritization of cybersecurity. Today’s event is a promising sign of what could be to come. Going forward it will be important for development partners to build up their level of support to advance the creation of regional capacity hubs and cybersecurity expertise.

For global bodies — such as the G20 and global financial standard setters — need to recognize cybersecurity as a priority challenge. One that requires global and coordinated efforts to avoid duplication of work, to identify of good practices, and to collaborate in resource mobilization if we are to ensure that the poor and developing countries are not left behind.

Public and private sector collaboration will also be very important. This can include creating partnerships to monitor and prevent cyber threats as they arise, such as: 

  • Setting up fraud forums that enable financial and telecommunications providers to regularly share practices – good or bad;
  • Establishing emergency response teams to quickly aggregate, identify, and coordinate responses to cyberattacks, and;
  • Committing to robust and ongoing dialogue between the private sector and regulators to ensure an environment that supports innovation while protecting customers and the financial system.

In the Netherlands, we have established National Cyber Security Center to play this critical role. They are on 24/7 standby in case of crisis to give expert support and they are continuously identifying risks and trends which are shared with businesses and across government. I sincerely hope that our collective actions can help spur similar resource mobilization to be built up in developing countries.

I would like to close by encouraging all of you to work together to ensure increased cyber-resilience, so everyone can access safely and use digital financial services to really transform their lives.