THE Central Bank is exploring ways it can improve its ability to help local financial institutions protect themselves against cyber attacks.

Among them could be a dedicated unit within the bank to deal with these situations and site visits to commercial banks to assess their respective cyber-security measures.

The bank's deputy director (financial institutions) Michelle Francis Pantor made those statements during a meeting with Parliament's Finance and Legal Affairs Joint Select Committee (JSC) at the Red House, Port of Spain, on Friday.

Pantor said, "The Central Bank is aware that cyber security (attacks have) been increasing with the efforts towards digitalisation. We know this is only going to increase. It is one of the top two risks in the world, cyber security."

She told committee members the bank has commissioned technical assistance from the International Monetary Fund (IMF) to improve its capability to address possible cyber attacks on financial institutions.

"That has been ongoing. We have been training our examiners. A report was published by the IMF. It is publicly available.

"One of the recommendations is to shore up our resources with respect to cyber security. This is under active consideration at the bank."

In response to questions from Port of Spain South MP Keith Scotland, Pantor said the bank did not have a cyber-security unit, but different entities under its ambit which dealt with different aspects of cyber attacks.

She did not rule out the possibility of a dedicated cyber-security unit being created within the bank.

"Whether it's a specialised unit, whether it's additional persons, has not been determined at this point."

Scotland observed that the bank made recommendations to financial institutions to use end-to-end encryption for transmitting personal passwords for customers' accounts.

He asked, "To what extent are financial institutions adhering to the above recommendation?"

Pantor said, "We have not done those types of on-site verification exercises to date."

What has happened so far, she continued, are self-assessment reviews of financial institutions as the bank builds up its capacity to do on-site supervision.

Pantor said the bank had issued a cyber-security guideline to financial institutions last September.

"Responses to those questionnaires are due by end of March this year. We are awaiting those responses in order to assess...the areas where there may be gaps."

Pantor said financial institutions were also required to submit detailed action plans to the bank along with those cyber-security self-assessments.

Scotland maintained that on-site visits by the bank to other financial institutions to determine the effectiveness of their cyber-security measures was a critical part of the bank's audit and oversight of those institutions' ability to repel cyber attacks.

He asked Pantor if the bank issued compliance letters and fines to financial institutions whose cyber security measures were not up to a particular standard from 2020-2023.

Pantor reiterated