How Software Escrow is the Banking World’s Go-To Defence Against Cybercrime
Software escrow is increasingly being drafted into service as one of the ‘first line defences’ when it comes to protecting banks and their customers from cybercrime.
Two recent announcements – one by the Bank of England and the other by the Singapore Monetary Authority – show the financial industry’s reliance on information technology, in particular for cloud services, which is enhancing the risk landscape and requires a clear regulatory response.
The Monetary Authority of Singapore (MAS) is the financial regulator in Singapore and also the country’s central bank. Nearly a decade ago, it issued guidelines to help financial institutions build sound technology risk management frameworks, strengthen IT system security, and safeguard the sensitive data and transactions of all clients. These Technology Risk Management Guidelines (TRMG) are regarded as one of the most comprehensive, elaborate and robust sets of guidelines in the world. But they were recently revised to include instructions for escrow protection, and to specifically extend the TRMG to all third parties including outsourced service providers.
Importantly, they also addressed documenting and implementing standards and procedures for vendor evaluation, selection and controls, as well as implementing safeguards and putting in place a source code escrow agreement in case the vendor is unable to support the financial institution.
The Bank of England had acted similarly in April this year when it shared a series of proposals focused on outsourcing and third-party risk management within financial market infrastructure firms. Last year, it had also published an operational resilience policy, noting that a major priority for the Bank, the Prudential Regulation Authority and the Financial Conduct Authority was to create a robust regulatory framework to ‘promote operational resilience’ amongst financial market infrastructure firms.
Taken together, these demonstrated the Bank’s continued drive towards operational resilience amongst financial services providers, given increased reliance on third-party technology and software.
Of particular note is how the Bank highlights the importance of contractual and escrow arrangements between customers and third-party providers. It specifically states that software escrow agreements are one of the most effective, proportionate and cost-efficient measures for managing third-party technology risks with cloud, software and technology providers.
For nearly two decades, during which time EscrowSURE received an Institute of Risk Management of South Africa (IRMSA) award for its role in assisting South African businesses to manage their mission-critical business risks, we have pointed out that most commercial and governmental institutions are often entirely dependent on software over which they have limited or no control.
One of the biggest mistakes all companies make when evaluating risks to their business continuity is to neglect to consider and acknowledge how dependent their annual revenues are on technology platforms over which they have no control.
Safeguard your business continuity against cybercrime with software escrow