FFIEC members (FED, CFPB, FDIC, NCUA, OCC, and State Liaison Committee) issued a joint statement to describe the matters that financial institutions should consider when determining whether to use cyber insurance as a component of their risk management programs. The FFIEC members do not require financial institutions to maintain cyber insurance. The evolving cyber insurance market and the shifting cyber threat landscape may, however, prompt financial institutions to consider whether cyber insurance would be an effective part of their overall risk management programs.
The joint statement notes that cyber-attacks are increasing in volume and sophistication and that traditional general liability insurance policies may not provide effective coverage for all potential exposures caused by cyber events. Cyber insurance could offset financial losses from a variety of exposures—including data breaches resulting in the loss of confidential information—that may not be covered by more traditional insurance policies. Financial institution management should assess the scope of coverage of current insurance and consider how cyber insurance may fit into the overall risk management framework of an institution. As with any insurance coverage, cyber insurance does not diminish the importance of a sound control environment. Rather, cyber insurance may be a component of a broader risk management strategy, which includes identifying, measuring, mitigating, and monitoring cyber risk exposure.
Keywords: Americas, US, Banking, PMI, Cyber Insurance, Risk Management, FFIEC
Previous ArticleCFTC Publishes Paper Analyzing Implementation of Swaps Reform
MAS and Temasek jointly released a report to mark the successful conclusion of the fifth and final phase of Project Ubin, which focused on building a blockchain-based multi-currency payments network prototype.
EBA published phase 2 of the technical package on the reporting framework 2.10, providing the technical tools and specifications for implementation of EBA reporting requirements.
APRA updated the lists of the Direct to APRA (D2A) validation rules for authorized deposit-taking institutions, insurers, and superannuation entities.
PRA updated the statement that provides guidance to regulated firms on implementation of the EBA guidelines on reporting and disclosure of exposures subject to measures applied in response to the COVID-19 crisis.
EBA updated the 2019 list of closely correlated currencies that was originally published in December 2013.
FASB issued a proposed Accounting Standards Update that would grant insurance companies, adversely affected by the COVID-19 pandemic, an additional year to implement the Accounting Standards Update No. 2018-12 on targeted improvements to accounting for long-duration insurance contracts, or LDTI (Topic 944).
APRA updated the regulatory approach for loans subject to repayment deferrals amid the COVID-19 crisis.
BCBS and FSB published a report on supervisory issues associated with benchmark transition.
IAIS published a report on supervisory issues associated with benchmark transition from an insurance perspective.
ESMA updated the reporting manual on the European Single Electronic Format (ESEF).