Summary of ECLAC Caribbean DFS outputs (2014-2017) 

Report on ITU/ECLAC/TATT 2016 workshop; Exploring Innovation in Transactions & Financing in Caribbean

 

 

The Economic Commission for Latin America and the Caribbean (ECLAC), subregional headquarters for the Caribbean, is pleased to transmit for your attention, (LC/CAR/2017/11) entitled “REPORT OF THE SEMINAR ON SCIENCE, TECHNOLOGY AND INNOVATION FOR SUSTAINABLE DEVELOPMENT- EXPLORING INNOVATION IN TRANSACTIONS AND FINANCING IN THE CARIBBEAN” from the meeting convened in Port of Spain, 1-3 June 2016.

 

Below is a listing of the various DFS outputs produced by ECLAC from 2014 – 2017

=============================================================================

ECLAC Publications and Resources in “Digital Financial Services”

2014

2015

 

Digital currency and mobile money solutions are components of new industry classifications referred to as Financial Technology (FinTech) and Digital Financial Services (DFS).

2016

 

 

 

 

 

Instagram media by beascycle - UN Economic Commission for Latin America and Caribbean #digitalcurrency study finally publishedThis report examines the usage of digital currency technology in the Caribbean subregion with a view to drawing attention to the opportunities and risks associated with this new phenomenon. It discusses the broader context of an emerging activity at the global level and considers how this technology could address subregional deficiencies in the electronic payment infrastructure.The report also discusses mobile money solutions, and the relationship of that technology to digital currency.

 

The workshop is co-organized by the International Telecommunication Union (ITU) in partnership with the Telecommunications Authority of Trinidad and Tobago (TATT) and the United Nations Economic Commission for Latin America and the Caribbean (UNECLAC).

 

Its primary purpose is to provide Caribbean stakeholders from various sectors with interactive sessions along the theme of utilizing technology innovations towards the goal of improving financial transactions and financing arrangements.

 

 

Report of the seminar on science, technology and innovation for sustainable development – Exploring innovation in transactions and financing in the Caribbean (LC/CAR/2017/11) 

 

 

Event video recording

2017

 

Caribbean countries have been seriously impacted by the trend toward “de-risking” in the global financial system, and this is damaging to their economic security and the ability of Caribbean businesses to innovate. De-risking is the name given to the tendency of banking institutions to turn away from working relationships and lines of business for which the cost of regulatory compliance—and the risk of non-compliance— is deemed to be too high in comparison to the returns.

 

This is a phenomenon that is affecting developing economies around the world, but the small and vulnerable economies of the Caribbean have been hardest hit.

 

 

 

The primary purpose and objective of this workshop is to continue providing Caribbean stakeholders from various sectors with interactive sessions along the theme of utilizing technology innovations towards the goal of improving financial transactions and financing arrangements.

 

 

Programme & Presentations available from link above

 

 

Event video recording 

 

Caribbean Digital Financial Services (DFS), DRM & IoT

Peter Nicholls delivers his opening address on behalf of the UN ECLAC at the DFS workshop. Others; Selby Wilson (CTU; partially visible), Cleveland Thomas (ITU), Hon. Darcy Boyce (Barbados)

Post tropical storm Bret, the non-profit SEWATT partnered with local Subway franchise holders to utilize their merchant payment network across several branches, to facilitate donations which were ultimately distributed to beneficiaries as sandwiches. Reliable mechanisms for donations post disaster is recognized as a key element of disaster relief. and national Disaster Risk Management (DRM)  The United Nations Economic Commission for Latin America and the Caribbean (ECLAC) recently published a report entitled “Strengthening cooperation between telecommunications operators and national disaster offices in Caribbean countries” citing the potential benefit of Mobile Network Operators (MNOs) enabling donations via short codes post disaster.

  

This issue crosses over into other work which ECLAC has been involved in, in partnering with the International Telecommunications Union (ITU) and the Telecommunications Authority of Trinidad and Tobago (TATT) to jointly host the 2nd annual Caribbean Digital Financial Services (DFS) workshop over the period 27th – 28th April 2017.

DFS at its very core is about payments and value transfers via mobile and electronic channels. Several sub-areas are encompassed under this banner, including, but not limited to; mobile money, digital currency,  blockchain, regulation, digital ID, digital credit and donations.  It is recognized as an enabler for financial inclusion, banking the under banked, economic empowerment, economic development, strengthening participation in the digital economy and FinTech. It is an area at the intersection of financial and telecommunications regulation.

The agenda can be found at the link above which includes links to key speeches and presentations (videos coming soon).  This workshop follows on from the 2016 intervention where several key issues to Caribbean DFS were uncovered including:

A channel hosting the videos of presentations and panel discussions for the 2016 workshop has been created by UN ECLAC.

Senator The Hon. Darcy Boyce (Barbados) in his opening remarks outlined some areas of key concern for regulators in consideration of financial innovation and DFS, while continuing from the 2016 workshop, the audience was again presented with an examination of mobile money within the Caribbean. This time the emphasis was moved from Haiti to Jamaica where Dr. Maurice McNaughton (UWI) laid out the process by which interactions between the regulator and potential services providers eventually yielded mobile financial services products being brought to market which could facilitate, amongst other types of transactions, Government to Person (G2P) payments.

Within a panel focused on consumer protect in mobile financial services, Dr Kevin Butler of the University of Florida, provided insights into his research into application security (or lack thereof) within a sample of mobile payments apps from several providers. The audience also learnt of concepts which can be utilized to create an enabling regulatory environment for financial innovation, such as sandboxing as presented by Nikola Tchouparov, who has served within two distinct entities which were part of the two cohorts of the UK’s Financial Conduct Authority regulatory sandbox.  Additionally, some of the essential points derived from the opening and closing panels where this author directly participated are listed below:

  

DFS Session 1:   Mini-case exploration: Encouraging participation in the digital economy

Panelists: Hon. Melford Nicholas (Antigua & Barbuda), Jason Julien (FCB), Robert De Gannes (Entrepreneur), Glynis Alexander Tam (InfoLink) ; Moderator Shiva Bissessar (Pinaka Technology Solutions)

There is an immediate market available to Caribbean entrepreneurs as comprised of 60M strong diaspora desirous of Caribbean goods which includes cultural goods digital or otherwise.  A better response is required to the needs of our entrepreneurs in having access to this market via the ability to receive payments.  We must leverage technology and innovation to provide for our entrepreneurs while taking into consideration international standards for compliance and controls
  
DFS Session 9:  Next Steps
Panelists: Hon. Darcy Boyce (Barbados), Vashti Maharaj (AG Office, GoRTT), Shiva Bissessar (Pinaka Technology Solutions); Moderator;  Kwesi Prescod

The proposal for a think tank initiative to provide further research into identifying problems and examining potential solutions (from multiple perspectives) such as how tech/innovation can assist the correspondent bank / de-risking problem, Caribbean intra-regional settlement (and FX challenges) and payment system deficiencies, must be examined further to identify potential sources for funding to make it a reality.

Next Steps

The efforts of the UN ECLAC in performing DFS research (digital currency in Caribbean report & prospects for blockchain in de-risking paper) and the efforts of the ITU in bringing enlightenment on DFS issues to Caribbean audiences needs to be applauded.

It is hoped that other actors can now match these efforts and play an active role in the research and development of DFS locally and regionally while identifying and utilizing Caribbean expertise, rather than ‘parachuting in’ foreign expertise, as we are often prone to do. Actors which can potentially play a role here includes:

  • Financial regulators (CBTT, TTSEC, FIU)
  • The National Payments Council
  • The Economic Development Advisory Board
  • The Chamber of Commerce

These parties should review their mandates in accordance with the benefits of DFS and create efforts to ensure Trinidad and Tobago is not left out of the opportunities afforded by FinTech and DFS, while simultaneously addressing risks.

Internet of Things (IoT)

Immediately preceding this workshop, these parties were also involved in the hosting of the Internet of Things (IoT) Smarter Living in the Caribbean forum over the period 24th – 26th April 2017.  Below are some of the key points from this event.

Session 8:  IoT Security + Privacy: policy, legislation, regulation and infrastructure

Panelists: Trevor Forrest (Government ICT adviser, Jamaica), Vashti Maharajh (AG Office, GoRTT), Julian Wilkins (CANTO), Bruno Ramos (ITU; remote conf.); Moderator Shiva Bissessar (Pinaka Technology Solutions)

An importation conclusion was formed by the panel which cited that IoT presented a unique challenge given the unique characteristics of having no user interface and lack of user agreement.  This demands re-examination of the policy and regulatory environment and the surrounding legislative context, with respect to user data privacy and societal security.

Light moment shared while discussing the unique challenges which IoT poses to user security and privacy in IoT session 8

IoT Session 9:  IoT Privacy and Information Security: Caribbean requirements and challenges

Panelists: Hon. Catherine Hughes (Guyana), Trevor Forrest (Government ICT adviser, Jamaica), Dr. Kevin Butler (University of Florida), Shiva Bissessar (Pinaka Technology Solutions); Moderator Nigel Cassimire CTU)

Government need to facilitate the development of opportunities which can foster the growth of an ecosystem of cyber security professionals capable of ising to the challenge of IoT cyber security.

 

Definitely one of the more memorable moments from IoT forum was the participation of several youth ICT innovators and entrepreneurs who showed off their wares in the area of IoT; in particular the audience appreciated the contributions from Cottage IT via Theo Boomsma and one of his proteges Julie Sundar, both hailing from Suriname.

The Need for Developing a Cyber Security Ecosystem of Professionals

Snapshot showing Caribbean ‘attack’ activity from Norse

 

Over the period 6th and 7th February, 2017, it was my honour and privilege to participate in, and make contributions to, a closed expert group meeting to assess future threats as executed by a national intelligence agency. The following is the paper I presented on developing cyber security capacity to meet future challenges.

 

Introduction

 

The cyber security implications of technological advancements, such as, the Internet of Things (IoT) or smart technologies, along with the possibility of cyber warfare and realities of cybercrime are thought-provoking areas around which intelligence agencies must develop threat awareness. However, a more significant threat which will affect the cyber security of Trinidad and Tobago over the next five years is lack of an environment which can stimulate and foster the growth of local cyber security professionals.

Indication of such a deficient environment can be gleaned from the examples below.

  • At a government agency with responsibility for implementation of the national strategy towards Information and Communication Technology (ICT), a senior position with responsibility for cyber security has been vacant since 2010.
  • At “M4 an event by Microsoft” held in Nov 2014, Mr. Roberto Arbelaez, Chief Security Advisor for the Americas at Microsoft, stated that he knew many world class Information Security professionals of Trinidadian heritage. However he went on to state that unfortunately they all worked outside of Trinidad and Tobago.
  • At a 2016 Christmas dinner event for an association of lawyers, a prominent lawyer lamented that Trinidad lawyers, having opted not to pursue continuing education, were lacking in areas of increasing import including cybercrime[1].

While this may be considered anecdotal evidence, the lack of attention to cyber security does not allow for formal research to provide proper evidence on the state of cyber security locally.

 

Cyber security ecosystem of professionals

Within their research Thomas et al illustrate the cybercrime underground economy as a complex ecosystem of actors within a value chain where profit centres are built upon underlying support infrastructure.  This allows criminal entrepreneurs to devise scams by procuring the necessary resources al a carte; taking advantage of specialization and economies of scale and resulting in a web of interactions which potentially span the globe. One can argue that such a criminal ecosystem, like many other cyber security threats, can only be disrupted by an equally powerful cyber security ecosystem of professionals.

 

 

In their paper “Framing Dependencies Introduced by Underground Commoditization”, Thomas et al illustrate the value chain relationships between various entities to scam victims as potentially spanning the globe

What response can Trinidad and Tobago provide to the threat of cybercrime? Working in our favour we do have efforts to bolster the capacity of the cybercrime unit of our law enforcement arm and there have been several attempts to address lacunas which exist in our existing legislative framework to address cybercrime. Additionally, Trinidad and Tobago is progressing in the development of a CSIRT and can boast of participation in regional efforts coordinated by international bodies such as the Commonwealth Secretariat (ComSec) and the Organisation of American States (OAS) towards addressing cyber security deficiencies.

However, in pronouncing on the results of five regional cyber security needs assessment exercises at the Caribbean Stakeholders Meeting; Cyber Security and Cybercrime, in April 2016 (CSMII), ComSec bemoaned the fact that there still exists a lack of awareness on cybercrime and lack of basic cyber hygiene within the private sector and within regional governments. The Commonwealth Telecommunications Organization also cited a lack of human resources and political support as challenges towards the implementation of cyber security strategies.

Close observation of the availability of opportunities to work on the development of cyber security regionally would reveal a predominant approach where international bodies work exclusively with assigned public sector employees.  Given the highly sensitive nature of the work involved in cyber security, such an approach is expected; however at a national level we may be missing out on opportunities for broader capacity development when such opportunities arise or when training occurs.  For example, a representative of a multinational which routinely provides cyber security capacity building exercises to law enforcement across the globe previously divulged that suitably qualified private sector experts can participate in these exercises if they are appropriately recognized by law enforcement personnel.

Hence, a more inclusive approach needs to be found to ensure that a national pool of talent, at all levels, is being developed today to address unknown future needs.  The status quo will forever bind us to a dependency upon the importation of expertise or hopefulness towards the return of qualified diaspora who wish to contribute to developing cyber security.  The up-skilling of a national pool of experts also presents Trinidad and Tobago with opportunity in providing exportable resources both regionally and internationally as others seek to develop cyber security.

Beyond the need for a coordinated approach to develop a cyber security pool of talent, there seems to have been an emphasis on getting legislation in place while the technical controls, which can actually prevent threats from becoming exploited, are not given due attention.  This position was also articulated by Mr. Arbelaez, at the Caribbean Stakeholders Meeting (CSMI) in May 2014.

Are we lagging behind regionally?

 

Awareness, capacity development and technical controls are all areas which require attention to adequately build threat response capability over the next five years and there is much we can learn from our own Caribbean neighbour, Jamaica.  Having delivered presentations in November 2016 at three conferences in Jamaica as hosted by the Jamaica Computing Society, UWI Mona (4th National Cyber Security Conference) and the Jamaica Bar Association (Continuing Legal Education)[2], I can personally attest to a comparatively more mature response towards cyber security.

Presented on UN ECLAC sponsored research into opportunities and risk of digital currency within the Caribbean at the Jamaica Bar Association, Continuing Legal Education, Annual Week-end Conference 2016

 

Such fora have been productive towards supporting and encouraging local capacity development of technical capabilities in the private sector and building public awareness on cyber security.   At Jamaica’s 3rd National Cyber Security Conference in 2015, the audience was challenged to consider cyber security as an opportunity for the growth of an industry and economic development, rather than a threat, in the same vein as highlighted above.  It is interesting to note that these fora also exemplify what a cyber security professional ecosystem should look like with active participation from technical professionals, policy/regulatory/legal professionals, academics and civil society.

Moving forward

 

We need to ask some difficult questions if we are to position ourselves to cope with future cyber security threats:

  • Can we define if there is a community of experts exists in Trinidad and Tobago focusing on cyber security; and if yes, who are the persons comprising this community?
  • Is this a formal community or a loosely defined community which comes together temporarily during exercises such as this one?
  • Does its membership lean towards greater participation from the public sector or the private sector?
  • Is there recognition that private sector interest from a Small Medium Enterprise (SME) is not the same as the private sector interest of a large commercial entity?
  • How are potential candidates encouraged to contribute within this community?
  • Is the community comprised in such a way that both of fresh ideas and a wealth of experience are expressed in deliverables?
  • Do the participants of this community come from different professions, back grounds and skill sets?
  • Can such a community adopt value chain relationships to be transformed into an active ecosystem[3] of professionals seeking to promote national cyber security?
  • Can this forum be the catalyst in the formation of such an ecosystem?

 

 

Recommendations

 

In conclusion the following recommendations can be put forward for consideration in the development of the aforementioned ecosystem of professionals

 

  1. Cyber security must be given recognition as a field of specialization and not be simply lumped under ICT. Such recognition should extend to the appointment of national champion to oversee the development of cyber security locally.
  2. Establish a national consultative body for cyber security which can serve as a sounding board for various plans towards developing cyber security. The membership of such a body cannot be exclusively comprised of public sector employees and large corporate entities.  It must include cyber security focused SMEs.  This formal body will lead to the formation of the informal cyber security ecosystem of professionals.
  3. Encourage participation from the private sector in local and regional meetings being facilitated by the aforementioned international bodies, for example ComSec and OAS. Appropriately qualified entities from this set should also be invited to participate in the training and capacity building exercises arising from such meetings.  Support for such entities should include financial assistance to participate.
  4. Assessment of institutions which are deemed critical infrastructure as well as a key Ministries and agencies.  The organizational structure of these bodies should reflect cyber security maturity extending to the roles and responsibilities of key personnel dedicated towards cyber security.  A comprehensive set of Information Security policies and audit mechanisms also need to be defined for such organisations.
  5. Information Security Governance training needs to be administered to boards and senior management of various key organisations. Additionally, Information Security Awareness training needs to be administered for the general population of employees.
  6. Alignment between the academic institutions, the national development needs scholarship system and the intake of graduates into the public and private sectors needs to take place to ensure that Information Security professionals are being developed academically and professionally. There also needs to coordination with corporate entities towards the creation of funding for cyber security research.
  7. The Government needs to facilitate the creation of opportunities within the private sector to build and develop competencies which they can call upon in the future. We need security researchers, writers, lecturers, practitioners, policy makers, legal specialists and technical experts to name but a few. The government must lead by example and procure services from fledgling entities seeking to provide services in cyber security.
  8. Information Security awareness training needs to be conducted extensively within the primary and secondary school system.
  9. Take advantage of training and capacity development exercises from international bodies and multinational corporate entities to up-skill the national pool of experts (public and private sector) towards the goal of developing cyber security for economic development.

 

[1] CNC3 News, Nov 2016

[2] Presentation to the Jamaica Bar Association was on the digital currency which also has emerging threat and cyber security dimension to it.

[3] It is important to recognize that an ecosystem differs from a community in that an ecosystem speaks to a non-siloed approach, coordination and symbiotic relationships towards growth of entities.

Are we on track for sustainable Caribbean cyber security development?

 

 

i-sqVbpDt-XL

Government agency representatives share their nations’ experiences having participated in Commonwealth Secretariat’s needs assessment exercises. Left to right; Antoinette Lucas-Andrews (Trinidad & Tobago), Eric Nurse (Grenada), Bennett Thomas (Dominica), Clifford A Bostic (Barbados) and Luxmore Edwards (Antigua and Barbuda). Photo Credit, Caribbean Telecommunications Union

The Caribbean Telecommunications Union (CTU) in conjunction with the Commonwealth Secretariat (Secretariat) recently hosted the Caribbean Stakeholders’ Meeting II – Cyber Security and Cybercrime (CSMII) in St. Lucia over the period 16th – 19th of March 2016.  The event sought to bring together senior stakeholders from various regional governments, international organisations focused on cybercrime and some members of the private sector to develop a “regional action plan” which would serve as a defined strategy for the development of programmes supporting a regional cyber security thrust when seeking donor funding.

The Secretariat has been playing a role in regional cyber security development via the Commonwealth Cybercrime Initiative (CCI) which has thus far administered interventions in the form of national needs assessments in five different Caribbean nations, as captioned above. Upon request from member states for assistance, a CCI mission team, including at least one technical expert and one criminal justice expert, is assembled from the CCI consortium of over 35 international organisations, such as; the Commonwealth Telecommunication Organisation (CTO), Council of Europe (CoE), International Telecommunications Union (ITU) and the Organisation of American States (OAS).  The mission team executes a gap analysis which leads to the production of the needs assessment report, the priorities of which are decide upon with guidance from the beneficiary member state.  An action plan is then produced for the beneficiary member state which contains commitments from consortium members towards specific identified needs.

Cyber security development needs to emerge from within

 

In the presentations by aforementioned regional representatives who were involved in these various national needs assessments exercises, three of the five representatives mentioned the lack of university graduates with cyber security training as a challenge.  During Q&A this author pointed out that an absence of university graduates with a degree specific to “cyber security” doesn’t mean that existing degree holders cannot be exposed to training and capacity building exercises designed to create such expertise at the technical, policy development or strategic levels.  It was also emphasized to the panel that when regional governments are seeking assistance from bodies such as the CCI, it is important to have local private sector subject matter experts participate in such exercises for the sake of building capacity outside of the public sector.  Contributing from the floor, Kerry-Ann Barrett of the OAS stated that they often encourage the national representatives with whom they interact, to have an inclusive approach with as wide an array of voices participating in national cyber security development exercises, even if the national representatives do not necessarily agree with the views of such voices.

The importance of adopting such an approach is that you tend to avoid the possibility of groupthink.  In relating the experiences of Dominica’s needs assessment exercise, Bennett Thomas related the experience of receiving a voluminous opinion from a representative of the CoE, which was critical of path being then defined for cybercrime legislation in certain Caribbean territories as manifest via the EGRIP model law exercise.

In commenting on the issue of where to find skilled resources, Anthony Teelucksingh of the U.S. Department of Justice encouraged participants to “leverage domestic expertise”, strive for cooperation from the private sector and seek solutions from within their own backyard.

Hence, bodies such as CARICOM IMPACS (which is the regional organisation charged with the responsibility for Caribbean cyber security), the CTU and ultimately regional governments need to do more towards actively supporting the development of Caribbean cyber security experts outside of the public sector.

 

Results for the various Caribbean needs assessments exercises showing recurring themes

Results for the various Caribbean needs assessments exercises showing recurring themes

 

Crypto currency features as risk and opportunity

*Within this article the terms crypto, digital and virtual currency are used interchangeably

 

In describing the emerging threat landscape, both INETRPOL and the Secretariat made mention of crypto currency as a challenge, while the former also singled out a greater use of the Darknet, and the Federal Bureau of Investigations (FBI) cited Business E-mail Compromise (BEC) scams, as additional threats.  Both the Darknet, where illicit and illegal goods are bought and sold in online recesses, and BEC scams were described as utilizing crypto currency as payment mechanisms.  The Secretariat later presented examples of intercepted communications from online forums illustrating apparent Caribbean users seeking ways to launder money utilizing Bitcoin and trading Bitcoin for purchase of airline ticket using a stolen credit card. However, the Secretariat also emphasized the potential benefit of virtual currencies.

As recognized in published reports by both the United Nations Economic Commission for Latin America and the Caribbean (UNECLAC) and the Commonwealth Secretariat Working Group on Virtual Currencies, there are both opportunities and risk with the advent of digital currency in the Caribbean; hence, regional leaders would be well advised to avail themselves of  expertise on this topic.  This author is currently assisting the International Telecommunications Union (ITU) towards the design and execution of a three day workshop entitled “Exploring Innovation in Transactions & Financing in the Caribbean” which will be held in Trinidad and Tobago from 1st – 3rd June 2016. This event is designed to assist Caribbean telecommunications and financial policymakers and regulators understand how financial services innovation, including mobile money and digital currency, can benefit their territories while providing them with insights on how to contain risks.

eclac comsec itu

Opportunity for “twinning” of efforts and synergies between these UN ECLAC and ITU Caribbean based efforts and the Commonwealth Secretariat’s  own efforts in area of digital currency

Building Sustainable Capacity

 

Antony Ming of the Secretariat highlighted the fact that the various regional needs assessment exercises revealed there was a significant lack of awareness on cybercrime and lack of basic cyber hygiene both within regional governments and the private sector. Citing deficiencies in capacity building, he advocated for building sustainable capacity and urged participants not to engage in “drive by training” where someone is imported to perform a few training sessions, who then leaves, advocating instead for more sustainable programmes. He stated that IT professionals needed to be engaged and academic and technical/vocational institution need to integrate cyber security into their curriculum.

In presenting the DRAFT action plan, risks were highlighted which include:

  • Low political and administrative priority by member states to implement programs.
  • Lack of capacity and capability by member states to implement and sustain the programs
  • Change in Government resulting in changing priorities

The presence of such risks supports the need to divest the impetus to develop cyber security beyond the lead governmental actor and involve the private sector; both large entities and Small Medium Enterprises (SMEs) alike.

 

Conclusion

 

The CSMII meeting was a success, yielding a regional cyber security action plan which was presented to, and endorsed by, several regional government ministers present at the meeting.  The draft plan reviewed contained very interesting ideas which would be beneficial to Caribbean cyber security should they become implemented; however, is this enough?

Cyber security demands international co-operation and assistance and the CCI etc. are willing and able to assist; however we continue to look outward for international solutions to our problems while not investing enough in the future growth of our own experts internally.  Capacity building does not have to be an end state deliverable; instead, it can occur simultaneous to the development of these efforts by including local and regional private sector subject matter experts within the present dialogue being undertaken by government and quasi government agencies and aforementioned international organisations.  We need to be creating opportunities for development of nascent cyber security specialists.

One of the issues I had with the forum was that the time allotted to reviewing the already prepared draft action plan was extremely short and the use of workgroups for such review created the appearance of detailed review and consensus which isn’t necessarily the case.  For example, one member of the workgroup I participated in called out another member of the group for what seemed to be attempts to hijack control of the session away from the group leader.  Do we really want poor group dynamics to upstage beneficial output?

CARICOM IMPACS and the CTU need to build out a network of regional private sector subject matter experts they can utilize to review and provide feedback to proposals they receive from international organisations or towards the scoping of their own requirements, within an adequate timeframe.  Such an approach will add an extra layer of legitimacy to the outputs of such future meetings and agreements while also creating opportunities for development of Caribbean cyber security experts.  They also need to address public outreach on such matters to ensure the public is engaged and that stimulating conversation continues in the public domain long after these events occur. Public written record of such events will be read by the next set of emerging experts; hence, there should be defined mechanisms for quality reporting and dissemination of such record of events. There is an appetite for such material; however I’ve noted a lack of corporate support for such activity, unless there is a specific product pitch.  These two points are essential components for any regional push to develop a functional cyber security ecosystem.

We must plot a course which will move us past seeking assistance to actually being in a position to provide assistance to international efforts.  For example, the Secretariat’s Working Group on Virtual Currencies has issued recommendations which calls for member states to provide consumer awareness and calls for education and training of law enforcement and the judiciary, on the matter of virtual currency. Given the significant work completed by UN ECLAC in this area, the Caribbean is well positioned to provide assistance to the Secretariat and its member states desirous of following these recommendations.  This is but one example of how the Caribbean can contribute on a global scale in the area; can you think of others?

 

CSMII photos

CSMII presentations

Related Articles:

T&T Cybercrime bill demands multi-stakeholder input (July 2014)

Are Caribbean Cybercrime bills based on flawed model law (June 2015)

Exploring digital currency and E-payment in the Caribbean

*This post was initially carried by the Trinidad Express, Sept 29th

**While reference is made within this piece to a study and report, the opinions expressed are my own.

 

DSC_7111

Figure 1: UN ECLAC 1st EGM: (Left to Right) ECLAC’s Deputy Director (Ag.) and Associate Information Management Officer. Dillon Alleyne and Robert Williams, respectively & consultant, Shiva Bissessar (courtesy UN ECLAC)

In November 2014 The UN Economic Commission for Latin America and the Caribbean (ECLAC) commenced a study entitled “Opportunities and risks associated with the advent of digital currency in the Caribbean”, where yours truly was selected as the consultant to perform the required research and write the final report.  The study sought to introduce the Caribbean to the phenomenon of digital currency and explore the opportunities and risks which arise from application of this innovation within the Caribbean.  The work was performed in the context of continued regional deficiencies in electronic payment infrastructure (e-commerce and mobile money) and the appearance of service providers seeking to provide solutions in response to these deficiencies including digital currency service providers.

The study brought together key stakeholders within the Caribbean involved in activities toward the development of better electronic payment infrastructure. These stakeholders included:

  • E-commerce providers & software developers desirous of more responsive payment infrastructure
  • Mobile wallet & digital currency service providers seeking entry in the Caribbean
  • Central Bank Policy and Anti-Money Laundering (AML) senior representatives
  • Government senior legal representative
  • Finance academia representative

These parties were identified and invited to participate in two Expert Group Meetings (EGM).  The 1st EGM was essential towards data collection of the views and positions of the aforementioned while the 2nd EGM was used to review a final draft of thereport.  The summaries of these meetings remain the only public output of this study to date.

The study also served to conduct a formal survey of some of the region’s Central Banks as to their awareness on digital currency and mobile money in the evolving landscape of electronic payments. The study was intended to provide Caribbean authorities with enough information for them to begin the process of performing a balanced evaluation of opportunities and risks associated with digital currency in the Caribbean.

Key Takeaways

*As the study remains unpublished, there are limits as to what can be discussed, however some aspects as made public in the EGM reports are referenced.

The study uncovered evidence of longstanding deficiencies in electronic payment systems within the Caribbean which has forced e-commerce vendors to rely on workaround methods to receive payments.  The deficiencies manifest as prohibitive charges and burdensome requirements placed on vendors to acquire local merchant accounts with the ability to receive credit card payment.  This has forced certain vendors to take a path of least resistance and resort to external payment providers such as Paypal, rather than contend with the expensive red tape laden scenario as posed by local banks.

The study also uncovered instances of vendors seeking to provide mobile money and digital currency solutions, including remittance solutions, within certain Caribbean territories.  However, given the innovativeness of the solutions these vendors were seeking to provide, their regulatory uncertainty and the largely risk averse commercial banking sector, such vendors have had difficulty in acquiring bank accounts to provide their services.  Indeed, it is worth noting that a low return of completed survey instruments was experienced within the study, in seeking feedback from regional Central Banks.

If we were to compare the approach towards digital currency within the Caribbean against that of a first world capital of finance e.g. London, we would find that a predominantly unacquainted and conservative approach dominates the Caribbean mindset, with many in authority focusing on the weaknesses of digital currency. Contrast this with the approach taken by the UK’s HMRC in March 2015 where intentions towards standardisation in consumer protection and AML regulation of digital currency were announced while also allocating £10M towards further research.  The contrast is illustrated below.

Fullscreen capture 9132015 31610 PM.bmp

Figure 2: The Caribbean seems to be stuck focusing weaknesses of digital currency while global finance capitals are improving on weaknesses and exploiting opportunities. (Bissessar, 2014 & 2015)

 

Hence, if the full benefits of digital currency are to be achieved within the Caribbean we cannot continue to rely on traditional actors as noted in the 2nd EGM meeting notes (item #47).

“In discussion on the conclusion of the study, the consultant expressed the view that the current target audience for the study may need to be shifted away from central bankers. He noted that central bankers have demonstrated a reticence to officially comment on the process, as suggested by their lack of response to the survey instrument. He expressed the view that central banks as regulators tend towards deference on the concerns of international finance bodies, which invariably raises the level of risk aversion. This institutional environment does not augur well for the encouragement of technological innovation in the region. He suggested that perhaps if the focus of the study’s discussion shifted towards academics and the technology and innovation sector, more traction could be gained toward regional engagement with issues surrounding digital currencies, and the momentum could be built upon to encourage a more active role on the part of regulators. He also noted that it was not the role of the study to sell regulators on the benefits of these technologies, but rather to bring legitimacy to the debate around digital currencies and to encourage local and regional authorities to treat with the issue objectively, rather than with a sole focus on risk.”

 

Relevance of this Caribbean study 

In February 2015 the Commonwealth held the Virtual Currency Round Table which was attended remotely by Mr. Robert Williams of ECLAC who articulated the objective evaluation of both opportunities and risks of digital currency which the ECLAC study was achieving within the Caribbean region.  Also participating in this meeting was Jamaica’s Director of Legal Reform within the Ministry of Justice, Mr. Maurice Bailey who also actively participated in, and commended the efforts of, the study within the 2nd ECLAC EGM in April 2015.  Subsequently, the Commonwealth Working Group on Virtual Currencies (CWGVC) released conclusions from their meeting in Aug 2015  as shown below:

 

CONCLUSIONS

The Group agreed that:

  • Virtual currencies have a potential to benefit Member States and to drive development;
  • The use of virtual currencies has benefits and risks;
  • Awareness, education and funding for training for law enforcement, prosecutors, judges, regulatory authorities and the financial sector are needed;
  • Member States should consider developing and improving the capacity of law enforcement especially in the areas of digital forensics and analytics;
  • Member States should consider the applicability of their existing legal frameworks to virtual currencies and where appropriate they should consider adapting them or enacting new legislation to regulate virtual currencies;
  • Legal frameworks should address risks and vulnerabilities, be technologically neutral and avoid stifling innovation;
  • Member States are encouraged to implement the FATF Guidance for a Risk Based Approach to Virtual Currencies (June 2015);
  • The Commonwealth Secretariat should create a digital repository of best practice and model regulations as part of an online community to assist Member States in developing policy; and
  • Relevant technical terms should be clearly defined in the guidance to be made available to Member States.

OUTCOMES

The Group resolved upon the following outcomes (the ‘Outcomes’):

  • to complete a report on the prevalence and impact of virtual currencies within one (1) month;
  • to convene again in early 2016 to consider draft technical guidance for member states on virtual currencies; and
  • to continue to raise awareness and develop capacity building on virtual currencies within the Commonwealth

 

Various aspects cited within the CWGVC conclusions are treated with in the ECLAC study including:

  • Discussion of some possible distinct benefits to the Caribbean
  • Discussion of anonymity (relevant to law enforcement, prosecutors, digital forensics etc.)
  • Discussion of treatment options re: policy and regulatory development, FATF guidelines

Hence, this ECLAC study can contribute to the overall best practice, awareness and capacity building efforts as mandated within the CWGVC conclusions.  The Caribbean therefore has the opportunity to be recognized as being early and taking a forward thinking and balanced approach towards getting ahead of the game with respect to this emerging financial innovation.