OJK Launches Guidelines For Commercial Banks To Be Ready To Face Cyber Incidents

Photo: Doc. Antara

JAKARTA - The Financial Services Authority (OJK) launched a Digital Resilience Guide with the aim of being a guide for commercial banks to be able to prepare, face and recover after technological operational disruptions or disruptions or cyber incidents.

"Although we feel that at this time the banks are strong enough to be related to digital resilience or AI development, we cannot be careless about this technology, we must always be guided by the best international practice and we continue to strive for our cyber security," said OJK Banking Supervision Chief Executive Dian Ediana Rae in Jakarta, quoted from Antara, Tuesday, August 20.

Dian said that this digital resilience guide is a form of OJK's support for Indonesian banking in increasing the acceleration of digital transformation and strengthening the business and operational resilience of banks in today's digital era.

This digital resilience guide was prepared to complement various OJK policies in supporting the acceleration of digital banking transformation, including the blueprint for digital banking transformation as regulated in POJK No.11/POJK.03/2022 concerning the Implementation of Information Technology by Commercial Banks and the OJK Circular Letter No.29/SEOJK.03/2022 concerning Cyber Security and Security for Commercial Banks and SEOJK No.24/SEOJK.03/2023 concerning the Assessment of Commercial Bank Digital Maturity Levels.

Dian said the digital transformation currently being carried out by the national banking industry has the potential to increase the complexity of use and dependence on technology in banking business operations. In addition, digitalization allows the banking industry to collaborate with other sectors through interconnection in a digital ecosystem.

This, explained Dian, demands a resilient banking system. Without the resilience of the banking system, one cyber attack on connection points can affect the operational continuity and business of banks.

"In these conditions, the digital resilience framework becomes crucial for all of us to implement," he said.

In overseeing banks to prepare digital resilience, OJK has compiled a digital resilience framework that in general includes resilience to business dynamics, resistance to disruption or disruption, and paying attention to customer protection aspects.

If elaborated further, Dian explained that the resilience to business dynamics is reflected in the digital competitiveness dimension which includes the development of consumer-oriented products, then the rapid, appropriate, and responsible adoption of the latest technology, as well as the transformation of organizational design, digital leadership, digital culture, and digital talent.

On the other hand, Dian explained, resilience to disruption or disruption is reflected in the framework of business continuity management or known as business continuity management (BCM) which consists of three main stages.

The first is the anticipatory stage, which is the process of preparing yourself to face possible disturbances or threats to the digital environment.

Second, the defense and recovery stage (withstand and recover) which is a process in dealing with security incidents or disturbances while ensuring bank operations effectively.

Finally, this is a sustainable stage which is an evaluation and development process to improve capabilities and knowledge as an effort to develop better resilience procedures.

As part of consumer protection in the digital area, Dian said that the digital resilience framework must also pay attention to customer aspects which include customer incident management, customer incident recovery, and customer post recovery services.

He added that the structured digital resilience framework is also an important strategy in fortifying banks from various digital risks that arise.

The context of digital resilience is not only limited to resilience related to digital infrastructure and the implementation of technology from banks, but also related to mitigation processes, digital-related policies, and most importantly aspects of human resources (HR) in banks and customers.

In addition, non-technical aspects such as human resources and leadership are also an important aspect as reflected in the bank's ability to deal with businesses in digital areas that move fast, dynamic, and follow current trends so that it requires the maturity of strategies to be able to survive in the increasingly competitive financial services sector.