“As high as these costs are, they would be far less than a major cybersecurity incident, since successful cyberattacks can result in financial losses, franchise degradation, and regulatory and legal ramifications for lending financial institutions,” warned Moody’s Local Mexico.
In early September, the National Bank and Securities Commission (CNBV) reported that CPM had experienced a “cybersecurity incident” since July and was therefore continuing to exercise oversight responsibilities.
Neither the regulator nor Caja Popular Mexicana have disclosed the extent of the incident and the number and number of people affected.
Moody’s Local México said it will continue to closely monitor the CNBV’s decisions and public information regarding this incident and its potential impact on operations at CPM and other thrifts.
“CNBV’s findings on this particular incident will be fundamental to the market. Since the Savings and Credit Cooperatives (Socaps, commonly known as “Cajas”) are entities that, according to regulations, can attract resources from the Savings Society, it is necessary that there are strict controls and practices (similar to those). of the banking system) to mitigate risks associated with cybersecurity incidents,” Moody’s said.
The company said it identified profitability as the biggest challenge for thrift banks last year as inflationary pressures may have squeezed their margins.
However, as of June 2023, that risk doesn’t appear to have materialized as they’ve increased their return on investments (ROA) to a very strong 3.3% from 2.3% last year.
“The truth is, this incident could also create significant pressure if the regulator’s findings lead to increased cybersecurity measures across the Socap system,” Moody’s said.
CPM is the country’s largest savings bank with 38.2% of the system members (nearly 3.4 million savings bank members) and a consolidation of 37.7% of the Socap system assets.