Aith the health crisis, the increased digitization of financial services has led to an increase in the exposure of the banking sector to cyber risk. Indeed, the stakes are high because the financial sector plays a key role in the functioning of the economy, to the point that the attack on a financial institution could have disastrous consequences on the current economic operations of an entire country. . In this context, the Central Bank kept a watch on the press releases published by the General Directorate for Information Systems Security (DGSSI) on cyber threat alerts and exchanged with banks and more particularly the community of security managers. information systems (RSSI), around the most critical cyber threats and the necessary preventive and corrective actions.
The Bank also closely monitored the development of cyber threats targeting financial institutions in particular at the international level and exchanged with the banking sector on response plans in order to guard against them. The Bank also monitors publications, standards and recommendations from regulatory bodies and international organizations on cyber-risks, cybersecurity and digital operational resilience. It held ad hoc meetings with the banks to discuss the practices in place for controlling cyber risks and the measures recommended by international organizations in terms of strengthening the security of information systems.
Given the strong financial and technological interconnections, any successful attack against a large financial institution or against a central system or service used by a large number of people could quickly spread throughout the financial system and cause disruption and loss. trust on a large scale.
Bank Al-Maghrib also examined the penetration test reports submitted annually by credit institutions through which they track their annual penetration test programs on their information systems. The results of this review were shared with credit institutions in dedicated meetings. This year, and following the promulgation of Law No. 05-20 on cybersecurity and its implementing decree, the Bank, through its role as sector coordinator of the banking sector, identified the infrastructures of vital importance in this sector and appointed them and declared their list to the DGSSI.
Morocco strengthens its legal arsenal
The 2021 financial year was marked by the approval of decree no. 2-21-406 for the application of law 05-20 on cybersecurity. This decree mainly aims to define the measures for protecting the information systems of State administrations, public establishments and companies and any other legal person governed by public law, as well as those of infrastructures of vital importance and operators. private. It also determines the qualification criteria for audit service providers and cybersecurity service providers. Bank Al-Maghrib, as coordinator of the banking sector, notified all the entities subject and qualified as infrastructures of vital importance in order to comply with the requirements of the aforementioned law and decree.
As a reminder, Bank Al-Maghrib has adopted the CROE methodology (cyber resilience monitoring expectations) to assess the cyber-maturity of MFIs, which has improved compared to 2020, according to the self-assessments carried out by these infrastructures.