An effective defence against cyber attacks requires expertise and coordination. The ability of the owners of financial market infrastructures (FMIs) to manage and monitor cyber security in their own operations and in those of their ICT service providers is essential for adequate cyber security.

A disruption among critical ICT service providers may put important components of the payment system – and other key societal functions – out of action. Such concentration risk can be difficult to manage by individual FMI owners.

"It is Norges Bank's view that it should be studied how critical ICT service providers to the payment system can best be supervised, including whether such supervision should be coordinated among relevant regulatory authorities", says Deputy Governor Nicolaisen.

Banks' responsibility for cash services

Effective electronic contingency arrangements are crucial for ensuring that the payment system can be restored quickly after a disruption. Cash is a part of overall contingency preparedness in the event of a disruption in electronic contingency arrangements. Banks' responsibility for providing cash as a back-up has recently been clarified in a regulation. At the same time, cash remains an important payment method in normal situations.

"The provision of cash services is for the most part satisfactory, but vulnerable. Norges Bank is of the opinion that there is a need to clarify banks' statutory obligation to provide cash services also in normal situations", says Deputy Governor Nicolaisen.

Financial Infrastructure Report 2018