- Finnish banks and authorities performed well in the financial sector’s FATO 2021 joint preparedness exercise last autumn.
- The results of the exercise have now been analysed and show that banks and financial sector authorities have improved their preparedness for diverse threats.
- Some room for improvement was still found in their cooperation and communications.
Banking operations are subject to diverse threats such as cyberattacks and financial crises. In their role as the enabler of payments and other vital services, banks are highly important to the functioning of the society, and their crisis preparedness must be constantly strengthened. The organisers of the FATO exercise challenged the participants with different kinds of scenarios and questions. Each organisation was required to describe how they would operate in the given circumstances.
“The main finding was that banks and authorities have improved their preparedness against diverse threats – their cybersecurity maturity, as we call it – compared to the previous exercise in 2015”, says coordinator of the exercise Niko Saxholm, who is the secretary of the Finance Pool and the head of security and loss prevention at Finance Finland.
The COVID-19 pandemic of the past two years has had a positive effect on financial companies’ preparedness. According to Saxholm, the results suggest that the pandemic and the preparedness measures it has required may have spurred many improvements in overall preparedness as well. These improvements are related to, for example, remote working and the relevant technologies.
“The FATO exercise is an important part of the preparedness planning of banks and authorities. It is a forum that enables banks to discuss and develop their preparedness planning together with the relevant authorities: what works and what needs further development”, says Tehi Palletvuori, business continuity manager at the National Emergency Supply Agency.
In the final evaluation, the banks and authorities participating in the exercise also received some criticism for their preparedness for short-term disruptions when faced with new threat scenarios. The importance of and need for cooperation was also highlighted in questions related to crisis communications.
“Banks have such a long history of preparedness planning that such exercises rarely uncover any unexpected or major targets for improvement. But banks and the authorities can always improve their mutual cooperation and how they communicate on the situation”, Saxholm notes.
Now that the results of the exercise have been analysed, the next step is to set targets for development. This work will take place in the National Emergency Supply Organisation network.
The financial sector and the authorities are by no means done with preparedness practice: there are plans to conduct similar exercises at regular intervals in the future. The first of these will already begin in February, when the financial sector will take part in the large-scale TIETO22 cybersecurity exercise, which involves a large number of different sectors and authorities.
The National Emergency Supply Agency (NESA) is a central government organisation operating under the Ministry of Employment and the Economy of Finland. It is tasked with carrying out the planning and operations related to the maintenance and development of Finland’s security of supply. The NESA has several sectors and pools that maintain and develop security of supply and continuity management together with the businesses and organisations under the National Emergency Supply Organisation.
Niko Saxholm, Head of Security and Loss Prevention, Finance Finland, tel. +358 20 793 4235, email@example.com
Tehi Palletvuori, Business Continuity Manager, National Emergency Supply Agency, tel. +358 29 505 1032, firstname.lastname@example.org