Investor Presentaiton
Annual Report
AR
2022
SUMMARY
WHO WE
ARE
OUR
STRENGTH
AND
OUR
RESOURCES
OUR
RESULTS
People and know-how
With the greater digitalization of the financial system,
the risk of cyber incidents with the potential to affect
the provision of services by financial institutions to their
customers is increasing. The deeper interconnection among
SFN and Brazilian Payment System (SPB) participants must
be followed by actions that prevent incidents that could
threaten financial stability. It is essential that institutions
can properly manage cyber incidents, mitigating their
effects and enabling the services affected to quickly
recover, in order to ensure the efficiency and security of
the SFN and SPB.
One of the work fronts of the SFN and SPB Cyber Resilience
Enhancement Program consisted of coordination among
the main representative associations of the financial sector
to organize simulation exercises of cyber incidents aimed
at financial institutions, payment institutions and financial
market infrastructures.
As part of the program, the first cyber exercise carried
out specifically for the financial sector took place in
mid-2022 at the Cybernetic Security Laboratory of the
Brazilian Federation of Banks (Febraban), which involved
representatives of financial market infrastructures and
seven associations. The exercise was essential to train
cyber incident response and recovery procedures. The
initiative aimed to assess the effectiveness of responses
of technical, tactical and strategic teams to simulated crisis
situations caused by cybercriminal attacks on the SFN.
Several scenarios of cyberattacks were addressed, in an
isolated, controlled, and protected environment, seeking
to simulate current threats and large-scale impacts on
financial institutions during the exercises.
The periodic execution of cybernetic exercises enables
exchange of knowledge among participants and training for
response and recovery teams, which will certainly contribute
to the cyber resilience of the financial sector as a whole.
Handling classified information
In September 2022, the BCB qualified as a Level 1
Registration Body for classified information treatment. This
qualification is relevant, since it consolidates the BCB's role
as an autonomous institution to supervise compliance with
the rules and procedures for security and treatment of
classified information, among others procedures.
45View entire presentation