CONTRACTUAL ALLOCATION OF CYBERSECURITY RISKS: EVOLVING STANDARDS IN BANKING SERVICE AGREEMENTS
DOI: https://doi.org/10.5281/zenodo.14630830
Abstract
The digital transformation of banking services has fundamentally altered the relationship between financial institutions and their corporate clients. As banking operations increasingly depend on complex technological infrastructure, the management of cybersecurity risks has become paramount in banking relationships. Traditional banking service agreements (BSAs), which historically focused on operational and financial risks, must now address sophisticated cyber threats that can compromise both banks and their corporate clients.