Trinidad and Tobago: Strengthening Cybersecurity in Financial Institutions

This technical assistance report focuses on strengthening cybersecurity in financial institutions in Trinidad and Tobago. Cybersecurity governance at The Central Bank of Trinidad and Tobago (CBTT) is set up according to generally accepted practices with recently updated policies and procedures. Information Technology (IT) governance responsibilities comingled with the second line of defense, resource constraints, information security function reporting to IT function, and less focus on payment systems other than SWIFT were some of the concerns identified by the Mission. The Identity and Access Management (IAM) project is in the preparatory stage, and the project arrangements were comparable to good practices observed elsewhere. CBTT’s regulatory environment on cyber is marked by instructions being part of several guidelines in an indirect way in the absence of a dedicated guidance on the subject. The seminar on cyber risk regulation contributed to building capacity to draft a guideline on the topic. Supervisory practices pertaining to cyber risk need strengthening with focus on addressing resource constraints, conducting regular risk-based onsite examinations, and setting up offsite supervision capabilities. The mission recommendations focused on strengthening the cyber posture of the CBTT as well as the financial institutions supervised by CBTT.