Development of a policy and regulatory framework for mitigating cyberfraud in the South African banking industry

Purpose: Cyberfraud is a global problem, which has negative impacts on the financial institutions, global economy and the public. The existing policy and regulatory frameworks for mitigating cyberfraud in South African banks are not holistic, thus, the purpose of this study is to develop a holistic policy and regulatory framework that integrates the legal, governance, internal control and supervisory frameworks for cyberfraud mitigation in the South African banking industry.Method: ology: The study employs a mixed method comprising of both qualitative and quantitative approaches. A structured questionnaire was developed and made available to selected members of staff of the 17 licensed banks in South Africa. These experts deal directly with the banking operations, administration and customers' services. Non-parametric statistical analysis, specifically the Chisquare, Fischer's Exact, Spearman's correlation and cross tabulation statistics, were employed for the statistical analysis of the data gathered from the survey. From the outcome of the survey, a simplified policy and regulatory framework was developed for the mitigation of the effects of cyberfraud in order to enhance the performance of South African banks.Findings: The outcome of the survey indicated that there is a relationship between the methods of cyberfraud identification and the occurrence of cyberfraud in the South African banking industry. Furthermore, the methods of cyberfraud identification were presumed to be effective based on the evidence presented in this study. Despite this, the effect of cyberfraud perpetration was still found to be detrimental to the South African banks. Practical implications: This study presents a simplified and executable policy as well as regulatory framework for mitigating cyberfaud in South African banks. The proposed policies and regula-tions are geared towards improving cyber resilience and minimising the effects of cyberfraud occurrences.Novelty: Existing works have not sufficiently reported on the integrated policy and regulatory framework for mitigating cyberfraud. Thus, this study developed a simplified integrated policy and regulatory framework for mitigating cyberfraud to enhance the performance of South African banks in the area of cyberfraud mitigation.