Overview of the questionnaire
The questionnaire was crafted to collect information on supervisory practices or initiatives to mitigate security risks in the digital ecosystem. In June 2017, SC3 distributed it to several supervisory authorities in various jurisdictions. The distribution list included FinCoNet Members and non-Members, as well as international bodies.
The questionnaire consisted of a set of “yes or no” questions and an optional “in progress” column for actions implemented or pending. Respondents were also tasked to provide detailed descriptions of specific initiatives or experiences and to describe other relevant initiatives related to each challenge. Respondents were invited to suggest any practice/initiative/line of action that should be highlighted as case studies of supervisory initiatives to mitigate security risks in the digital ecosystem falling within the scope of different challenges. (To view the questionnaire, please see Annex II).
The questionnaire aimed to identify supervisory actions with a peer-learning purpose. It did not have comparative or evaluation purposes; instead it provided an opportunity for respondents to share initiatives and experiences.
SC3 was pleased to receive the important contribution of 32 responses from different jurisdictions and continents; 21 responses from FinCoNet Members and Observers and 11 from other jurisdictions and international organisations.
Purpose of this report
The analysis presented in this report is based on responses to the Questionnaire for conduct of business supervisors – Mitigating security risks with actions proposed in the FinCoNet report, ‘Online and mobile payments: supervisory challenges to mitigate security risks’. 6 The report aims to:
(i) provide an analysis of the questionnaire responses regarding conduct of business supervisory initiatives to tackle the challenges identified in the 2016 Report, Online and mobile payments: supervisory challenges to mitigate security risks;
(ii) present the conduct of business supervisory practices or initiatives identified within each challenge that are being implemented across jurisdictions to mitigate security risks in the digital context; and
(iii) highlight specific lines of action being used to address the distinct features and risks of online and mobile payments. The report is organised in three sections: (1) executive summary, (2) conduct of business supervisory practices and (3) key takeaways.
