G7 sets common cyber-security guidelines for financial sector

By Jason Lange

WASHINGTON (Reuters) - The Group of Seven industrial powers on Tuesday said they had agreed on guidelines for protecting the global financial sector from cyber attacks following a series of cross-border bank thefts by hackers.

Policymakers have grown more worried about financial cyber security in the wake of numerous hacks of SWIFT, the global financial messaging system, including an $81 million theft in February from the Bangladeshi central bank's account at the New York Federal Reserve.

"Cyber risks are growing more dangerous and diverse, threatening to disrupt our interconnected global financial systems," according to the guidelines agreed by G7 finance ministers and central bankers.

The guidelines, which officials described as non-binding principles, were in a three-page document posted on the Web pages of G7 government agencies. The G7 comprises Britain, Canada, France, Germany, Italy, Japan and the United States.

U.S. Deputy Treasury Secretary Sarah Bloom Raskin told reporters in a telephone briefing that G7 officials had surveyed their existing cyber security practices and identified potential shortfalls.

A Treasury official later said the guidance was an effort to encourage regulators and firms to approach cyber security from a risk-management perspective. Fed Vice Chairman Stanley Fischer said in a statement the guidelines would address the weakest links in global cyber security.

Cyber thieves have targeted large financial institutions around the world, including America's largest bank JPMorgan, as well as smaller players like Ecuador's Banco del Austro and Vietnam's Tien Phong Bank. The U.S. Federal Reserve's internal security staff detected more than 50 cyber breaches between 2011 and 2015, with several incidents described as "espionage."

The guidelines released on Tuesday instruct governments to ensure that they police their own cyber-security readiness as well as that of companies they regulate, and that public and private institutions continually update their defenses.

The goal of the guidelines was also to get firms and regulators across the world to approach risks the same way, according to the Treasury official.

"If we get this right we will drive a common lexicon," said the official, who asked not to be named.

Governments are also supposed to notify one another about joint threats and cooperate to contain computer system breaches, while firms are encouraged to share information and ask for help when they need it.

"Maintaining trust and confidence in the financial sector significantly improves when entities and public authorities have the ability to mutually assist each other," according to the guidelines.

(Reporting by Jason Lange; Editing by Meredith Mazzilli, Jonathan Oatis and David Gregorio)