Jacek Jastrzębski, Chair of the KNF, spoke at the conference ‘Together towards safe future: the role of the Police in the changing world’, held by the National Police Headquarters during the POLSECURE International Expo, bringing together the public security industry in Poland and co-organised by the National Police Headquarters and uniformed services. Jacek Jastrzębski took part in the fireside chat ‘Financial market at the front line of hybrid war’, hosted by Bartłomiej Godusławski, deputy editor-in-chief of Business Insider Polska.

The starting point for the discussion was a thesis statement that the financial sector had become one of the key pillars, or even the first line of defence, in the context of broadly understood security of the state and citizens. This follows from the society’s growing reliance on electronic channels of access to funds and on digital infrastructure, which supports both banking operations and an increasing part of public services. The financial sector has become one of foundations of state security, while its stability now depends not only on economic parameters, which are under control, but also – to a growing extent – on the capacity to adapt to unforeseeable technological, social and geopolitical threats. In this new paradigm, matters of key importance include resilience, cooperation, and understanding that the borders between financial, public and national security are increasingly blurred.

The Chair of the KNF has emphasised that access to money and security of financial data are, these days, essential needs of citizens, and the financial sector, in particular the banking sector, is responsible for meeting those needs. At the same time, banking has become an integral part of the state’s functioning, as banking channels are used, among other things, to access public services or tax returns. As a result, any potential disruptions in the functioning of the financial system would be immediately felt at the social level. This is confirmed by such examples as breakdowns of payment systems and accompanying social reactions.

Jacek Jastrzębski talked about the experience of crises in recent years – the COVID-19 pandemic and the outbreak of war in Ukraine – which demonstrated the importance of citizens’ confidence in the financial system. The banking system proved resilient, and the experiences served as a kind of ‘resilience testing’, preparing the sector for future potential shocks.

The Chair of the KNF also pointed to the evolution of the role of supervisory authorities, such as the KNF. Traditional prudential supervision remains the cornerstone, but new areas, such as cybersecurity, financial crime prevention or incident response are gaining importance. Creation of specialised structures, including IT threat response teams, reflects the need for a speedy exchange of information and cooperation among institutions. It becomes important to depart from a purely control-based model of post-factum actions and move towards a cooperative model, based on trust and joint risk management in real time.

The Chair also mentioned the importance of transition from the concept of ‘risk’ to the concept of ‘uncertainty’. Traditional risk management models based on historical data and probability of events prove inadequate in the face of phenomena called ‘black swans’, such as a pandemic or geopolitical conflicts. In response to this situation, it is proposed that resilience should be built, with such resilience being understood as the capacity of a system to adapt to unforeseeable events. This means the need to create a number of scenarios, outside-the-box thinking and interdisciplinary approach, as well as readiness to quickly respond to previously unknown threats.

It is also important to identify the weakest links of the system. Even though financial institutions are strongly protected at the regulatory and technological levels, it is a human factor that usually constitutes a weakness, both on the part of the client, and at smaller entities with limited resources. Cyberattacks increasingly use social engineering, which also means that attack vectors are reoriented from institutions to users. This provokes difficult questions about the optimal distribution of risks and responsibilities for losses due to fraud, in particular in cases where clients have been manipulated. Such a debate is going on particularly in the area of unauthorised payment transactions.

Looking into the future, the key challenge will be to ensure operational resilience of the financial sector, in particular in the context of technology providers and service providers. Even well protected institutions may be vulnerable to threats stemming from external relations (e.g. with suppliers), which justifies the approach in which security should be ensured along the entire supply chain. In this sense, the security of the financial sector is no longer its internal feature, but it becomes a function of the entire ‘ecosystem’ in which it operates.