Banks in South Africa
There are no specific laws or guidelines for cybersecurity governance of banks in South Africa. The newly released King IV Corporate Governance Report provides limited guidance for managing cybersecurity risks. The Cybercrime and Cybersecurity Bill, which is expected to be introduced in parliament later this year, also does not provide governance guidelines. In the absence of specific guidelines, the country’s banking sector should consider aligning with the G7 guidelines.
Cost of cyber-attacks
The frequency and severity of cyber-attacks have grown, costing consumers $158bn in 2015, according to Cybersecurity Ventures research. They predict that global cybersecurity costs will grow to $6trn annually by 2021 and these will include:
- Damages and destruction of data
- Fraud, embezzlement, theft of money, intellectual property and personal and financial data
- Business interruption and costs associated with loss in productivity, restoring and deleting hacked data systems and post-attack disruptions
So serious is the threat that the US president Barack Obama declared a national state of emergency to deal with cybercrime, which is to national borders and can originate anywhere in the world.
The spectacular cyber-heist on the Bangladesh Bank in 2016 resulted in theft of $81m, and was the largest hack on a bank to date. The forensic investigation revealed that malware was installed within the bank’s system some time prior to the hack. The malware gathered information on all the bank’s operational procedures, allowing the theft.
Eight key elements in the new guidelines
- Cybersecurity strategy and framework
Financial sector entities must establish and maintain a cybersecurity strategy and framework tailored to specific cyber risks, in line with international, national, and industry standards and guidelines.Such a strategy should specify how to identify, manage, and reduce cyber risks effectively in an integrated and comprehensive manner. These should be tailored to the nature, size, complexity, risk profile, and culture of the business.
The roles and responsibilities of personnel implementing, managing, and overseeing the framework should be clearly defined to ensure accountability; and provide adequate resources, appropriate authority, and access to the governing authority.Boards or oversight bodies of both private entities and government should establish the tolerance of their organisation to cyber-attack, and oversee the design, implementation, and effectiveness of related cybersecurity programmes.
- Risk and control assessment
Ideally, as part of an enterprise-risk management programme, entities should evaluate the inherent cyber risk presented by the people, processes, technology, and underlying data that support each identified function, activity, product, and service. In addition to evaluating its own cyber risks, the risk the organisation presents to others and the financial sector as a whole should also be considered. Government entities should also investigate their points of weakness and put the necessary protective measures in place.
Systematic monitoring processes need to be established to rapidly detect cyber incidents and these should be tested regularly through audits and exercises. Depending on the nature of an entity and its cyber-risk profile and control environment, the guidelines advise that the testing process be carried out by independent auditors.
As part of their risk and control assessments, entities should implement incident response policies. Among other things, these controls should clearly address decision-making responsibilities, define escalation procedures, and establish processes for communicating with internal and external stakeholders. Exercising protocols within and among entities and public authorities contributes to more effective responses. Therefore cyberattacks should be publically reported to create an awareness of the nature of the threat within the industry, even though many enterprises fear that doing so could create distrust among their clients.
Resume operations responsibly, while allowing for continued remediation, including by (a)eliminating harmful remnants of the incident; (b) restoring systems and data to normal and confirming normal state; (c) identifying and mitigating all vulnerabilities that were exploited; (d) remediating vulnerabilities to prevent similar incidents; and (e) communicating appropriately internally and externally.Once operational stability and integrity are assured, prompt and effective recovery of operations should be based on prioritising critical economic and other functions and in accordance with objectives set by the relevant public authorities.
- Information sharing
Sharing reliable, actionable cybersecurity information with internal and external stakeholders and beyond on threats, vulnerabilities, incidents, and responses will enhance defences, limit damage, increase situational awareness, and broaden learning. Threat indicators or details on how vulnerabilities were exploited, allows entities to remain up-to-date in their defences and learn about emerging methods used by attackers. It deepens the collective understanding of how attackers may exploit sector-wide vulnerabilities that could potentially disrupt critical economic functions and endanger financial stability. Given its importance, entities and public authorities should identify and address impediments to information sharing.
- Continuous learning
Cyber threats and vulnerabilities evolve rapidly, as do best practices and technical standards to address them. The composition of the financial sector also changes over time, as new types of entities, products, and services emerge, and third-party service providers are increasingly relied upon. Entity-specific, as well as sector-wide, cybersecurity strategies and frameworks need periodic review and update to adapt to changes in the threat and control environment, enhance user awareness, and to effectively deploy resources.Other sectors, such as energy and telecommunications, present external dependencies; therefore, entities and public authorities should consider developments in these sectors as part of any review process.
SeerBit unveils Alpha, to enable businesses in Africa to drive growth
Seerbit, a Pan-African payment solutions provider, has unveiled Alpha, a white-label product that makes it easier for financial institutions, travel and hospitality companies, online marketplaces and other businesses to drive growth and expedite the penetration of digital payments in Africa by seamlessly launching their own digital financial technology solutions.
Despite the growing trend of digital commerce on the continent, only 5 to 7 per cent of all payment transactions are made via electronic and digital channels. Most transactions are still happening offline which means the majority of consumers are burdened with the inefficiencies of cash-based transactions. This also means there is a significant amount of untapped value as consumers are unable to effectively access credit and other financial services because their cash-based transactions do not give financial institutions enough insight into their spending behaviours to provide the services they deserve.
At the same time, across multiple industries, there are already countless businesses that regularly interface with consumers across the continent and have visibility into these spending behaviours but either have limited access to digital payment solutions or do not have the capacity to build what they need for themselves. Most end up transacting with cash because it is what they are used to, or they settle for off-the-shelf digital payment solutions that only offer generic services.
SeerBit Alpha takes the hassle out of businesses having their own personalised fintech solutions to deliver the services customers want and need, powering them to not only drive growth but add value to their customers by providing easier access to game changing digital financial services. Businesses simply need to plug SeerBit Alpha into their existing platform and they will be enabled to seamlessly offer credit, operate their own payment gateway to facilitate reliable collection of payments from customers, launch digital banking services such as account opening, fund transfers and other banking services, as well as international money transfers, catering to the needs of customers that offer cross-border payment needs.
Businesses can also leverage SeerBit Alpha to sell mobile phone credits and billing services, enabling their customers to purchase mobile phone credits directly through their platforms, expanding their service offerings and opening additional revenue streams.
According to Omoniyi Kolade, CEO and Founder of Seerbit, “Our mission at SeerBit is to make it as easy as possible for businesses to leverage digital payments to drive growth and SeerBit Alpha is one of the products that helps us to achieve this. We are taking away the complexity of having to build your own solutions and giving businesses the opportunity to take advantage of our tried and tested innovation. By leveraging our cutting-edge technology, businesses can unlock new opportunities, drive growth, and establish themselves as leaders in the evolving fintech landscape.”
SeerBit is building a unified payment ecosystem that removes the complexity and fragmentation from the digital payment process in Africa, enabling businesses to seamlessly accept multiple payment methods and streamline online and offline transactions. The company has operations in 10 African countries with a wide range of solutions developed to drive the adoption of digital payments across the continent and enable better payment experiences that positively impact businesses bottom lines. Its partners include The British Council, United Bank for Africa, WiX and other prominent local and international companies.
Flapmax Partners Intel to Accelerate Artificial Intelligence Innovation in Africa
Flapmax, a leading artificial intelligence (AI) company, announced today its strategic partnership with Intel, the global technology leader, to foster AI innovation and drive economic empowerment in Africa. The collaboration will provide technology access, training, mentorship, and funding opportunities to entrepreneurs in emerging markets, starting with Africa, through the FAST Accelerator program. FAST is designed to help startups that are building cloud-based and AI-enabled products and services supporting Africa’s communities, companies, and governments.
“Flapmax has been working with Intel to develop sustainable digital solutions that readily expand AI accessibility in underserved communities, and we are excited to build on our momentum with the FAST Accelerator program,” said Dr. Dave Ojika, Founder and CEO of Flapmax. “Bridging the knowledge gap in technological advancement is key to creating meaningful social impact. Through this partnership with Intel, Flapmax will bring cutting-edge technology and advanced curricula, including generative AI, robotics, and deep tech, to innovators in Africa and other technologically underserved communities.”
Created by Flapmax in partnership with Microsoft, FAST Accelerator combines business development, AI integration, funding, and community building opportunities designed to enable startups to scale more rapidly and sustainably. More than 800 startups from 25+ countries applied to join the inaugural program. Startup leaders are encouraged to apply to this year’s FAST Accelerator program. The top startup participants will embark on an enriching five-week program in Silicon Valley, California, forging relationships with industry experts, potential investors, and global partners through Flapmax’s vibrant ecosystem of over 600 corporate partners.
“Intel’s mission to shape the future of computing and enable a more intelligent, connected, and productive world aligns perfectly with Flapmax’s vision to bring AI technology to all aspects of life, inclusive of underserved populations in Africa and other emerging markets,” said Michael Campbell, General Manager, Education Client Division, Intel Corporation. “The partnership with Flapmax will greatly accelerate AI adoption for these communities, driving scalable business growth, optimized operations, and contributing to a more sustainable world.”
Program participants will collaborate closely with Intel through extensive mentorship and coaching, ranging from co-innovation projects to sales & marketing support and go-to-market enablement to expand their reach to a broader audience. Members of the Flapmax engineering team will help startups apply new Intel-optimized AI hardware and software solutions as well as scale and fine-tune their AI models on Microsoft Azure cloud platform. Participants will benefit from additional perks, including Microsoft for Startups Founders Hub (up to $150,000 of cloud credits) and Azure OpenAI (including ChatGPT, DALL·E 2, and other Large Language Models: LLM releases), as well as access to Microsoft 365 and Dynamics 365 developer sandboxes.
OPay to apply for a digital bank license in Egypt
OPay Business Development & Partnership Director, Mahmoud Khedr (Image: Supplied)
OPay, a leading and rapidly growing provider of financial technology and electronic payments solutions, has announced its intention to apply for a license to establish a digital bank in Egypt with a capital of $60 million, according to the rules for licensing and registration of digital banks, and control and supervision recently issued by the Central Bank of Egypt.
This step is within the framework of OPay’s commitment to its role in developing the Egyptian digital economy, supporting the Egyptian state’s plans towards digital transformation, strengthening the principles of financial inclusion, and building a society less dependent on cash transactions, using the best, fastest and safest financial technology solutions in the Egyptian market provided by OPay, along with its experience in the field of digital transformation in the countries of the Middle East and North Africa, Nigeria and Pakistan.
“OPay” aims to enhance its services with innovation and the latest technological solutions to meet the needs of the Egyptian market, and facilitate the conduct of financial and banking transactions for customers, as the company will work through the digital bank to provide lending, savings and card services via the Internet without the need for customers to go to branches, in addition to OPay services to accept payments Such as points of sale, digital payment gateway, and electronic wallets.
Mahmoud Khedr, Director of Business Development & Partnership at OPay, said: We are excited to obtain a license to establish a digital bank in Egypt, and to work hand in hand with the Central Bank of Egypt and all concerned authorities to start this step, which represents a new beginning to keep pace with global developments in the field of financial technology”.
He also explained that “OPay” is qualified to make a breakthrough in this industry as it has 5 years of experience in the financial technology sector in the countries in which we operate, which represents a real impetus towards achieving success and achievement in Egypt.”
Khedr added, “We achieved great successes last year, as the value of our sales in the region amounted to more than 50 billion dollars, while the number of users of the “OPay” application in all countries reached about 30 million users, and we aspire to exceed these numbers in the current year and achieve unprecedented record rates.”
He added: “We thank the leaders of the Central Bank for the initiatives it is launching to create a supportive climate for the financial technology industry, and for the unlimited support for the financial technology sector and the directives of its leaders towards advancing the digital economy and the great role it plays in developing and developing this sector.”