CBK urges banks to regularly vet staff, outsourced deals

Central Bank of Kenya. FILE PHOTO | NMG

alushula

Summary

  • This comes in the wake of rising fraud in the sector.
  • Governor Njoroge said that proper vetting of staff at the point of entry can help keep fraudsters out.
  • Further, he called for proper segregation of duties and development of insider-threat programs to mitigate risk.

The Central Bank of Kenya (CBK) is calling on banks to enhance audits of staff and business arrangements with third parties.

This comes in the wake of rising fraud in the sector.

Governor Patrick Njoroge said on Friday that in securing customers, banks should not forget that most of the cybersecurity threats in the sector are initiated by their own staff or other people who have access to their systems.

“Even as banks address customers, they also ought to take a closer look at whether they have effectively addressed cybersecurity internally.

“They must regularly assess whether their key assets -- staff -- are turning into key liabilities,” said Dr Njoroge in Nairobi.

“Highly qualified staff are often categorised as key assets. However, there has been an increase in cyberattacks perpetuated by or with the help of insiders. In this regard, there is need to ensure staff are properly vetted.”

Fraud risk

He was speaking at a Kenya Bankers Association (KBA) event to roll out the #KaaChonjo campaign, an annual initiative aimed at educating consumers on how to protect themselves from fraud-related risk.

Dr Njoroge said that proper vetting of staff at the point of entry can help keep fraudsters out.

Further, he called for proper segregation of duties and development of insider-threat programs to mitigate risk.

With banks increasingly outsourcing services to enhance efficiency, the CBK boss warned that this is also posing additional risks.

It is imperative that banks review their outsourcing arrangements since third party connections may not always be secure, according to Dr Njoroge.

“Institutions may not be aware of the controls and policies that the service provider has. They need to audit such service providers to ensure they adhere to cybersecurity standards,” he said.

Due diligence

This will require services provided by third parties to be subjected to heightened due diligence to avoid the planting of back doors used to infiltrate banks’ systems.

KBA chief executive Habil Olaka called on financial and retail organisations to continue working together in battling the evolving nature of fraud.

“Fraud is among the challenges that threaten progress in adoption of new technologies. We firmly believe that it is through cross-sector collaborations that we can defeat fraud,” Dr Olaka said.

The month-long campaign is being held in collaboration with Visa, the Retail Trade Association of Kenya, Mastercard, Airtel, PesaLink and the Consumer Grassroots Association.