Solutions
Industries
Moody's Analytics Brands
A-Z Product List
Access Online Products
Moody's Analytics Product Training
Learn about the Moody's Analytics CECL solution
Featured Solution
Current Expected Credit Loss
Moody's Analytics Featured Product
Featured Product
The CreditLens™ Platform
Moody's Analytics Partner Alliance
Moody's Analytics PartnerAlliance
Delivering Solutions Worldwide
Insights
Regulatory News
Webinars-on-Demand
Moody's Analytics Risk Perspectives
Meet Our Experts
Connect With Us
Moody's Analytics Risk Perspectives Magazine
NEWEST EDITION
Risk Perspectives: Managing Disruption
Moody's Analytics Risk Practitioner Community
FEATURED USER GROUP
Risk Practitioner Community
Meet Moody's Analytics Subject Matter Experts
SUBJECT MATTER EXPERTS
Meet Our Leading Experts
Events Calendar
Training
Inquire About Upcoming Events
Meet Our Experts
Connect with us in social media
SOCIAL MEDIA
Connect With Us
Search career opportunities at Moody's Analytics
CAREERS
Search Job Opportunities
Moody's Analytics Conferences
CALENDAR
Events and Webinars
About Us
Regions
Office Locations
Partner With Us
Connect With Us
Join Us
Learn about Moody's Analytics awards
AWARDS
Industry Recognition
Press Releases and News
NEWS
News and Press Releases
Search career opportunities at Moody's Analytics
CAREERS
Search Job Opportunities

ESAs Publish Advice on Cybersecurity and Management of ICT Risk

By Regulatory News

April 10, 2019
Basel III

ESAs published two pieces of Joint Advice in response to the requests of EC in its March 2018 FinTech Action Plan. One Joint Advice pertains to the need for legislative improvements related to Information and Communication Technology (ICT) risk management requirements in the EU financial sector. The second Joint Advice pertains to the costs and benefits of a coherent cyber resilience testing framework for significant market participants and infrastructures within the EU financial sector.

Regarding the need for legislative improvements, in developing the Joint Advice, ESAs' objective was that every relevant entity should be subject to clear general requirements on governance of ICT, including cybersecurity, to ensure the safe provision of regulated services. Guided by this objective, the proposals presented in the Advice aim to promote stronger operational resilience and harmonization in the EU financial sector by applying changes to their respective sectoral legislation. Incident reporting is highly relevant to ICT risk management and allows relevant entities and authorities to log, monitor, analyze, and respond to ICT operational, ICT security, and fraud incidents. Therefore, ESAs call for streamlining aspects of the incident reporting frameworks across the financial sector. Furthermore, ESAs suggest that a legislative solution for an appropriate oversight framework to monitor the activities of critical third-party service providers should be considered.

Regarding the costs and benefits of a coherent cyber resilience testing framework, ESAs see clear benefits of such a framework. However, there are significant differences on the maturity level of cybersecurity, across and within financial sectors. In the short-term, ESAs advise to focus on achieving a minimum level of cyber-resilience across the sectors, proportionate to the needs and characteristics of the relevant entities. Furthermore, ESAs propose to establish, on a voluntary basis, an EU-wide coherent testing framework, with other relevant authorities (taking into account the existing initiatives) and with a focus on Threat Lead Penetration Testing. In the long-term, ESAs aim to ensure a sufficient cyber maturity level of identified cross-sector entities.

To implement the proposed actions, ESAs highlight the required legal basis and explicit mandate, which is necessary for development and implementation of a coherent resilience testing framework across all financial sectors by ESAs in cooperation with other relevant authorities. EC, in the March 2018 FinTech Action Plan, had specifically requested ESAs to map, by the first quarter of 2019, the existing supervisory practices across financial sectors around ICT security and governance requirements and, where appropriate, to consider issuing guidelines aimed at supervisory convergence and enforcement of ICT risk management and mitigation requirements in the EU financial sector and, if necessary, to provide EC with technical advice on the need for legislative improvements. EC had also requested ESAs to evaluate, by the fourth quarter of 2018 (now Q1 2019), the costs and benefits of developing a coherent cyber resilience testing framework for significant market participants and infrastructures within the EU financial sector.

 

Related Links

Keywords: Europe, EU, Banking, Insurance, Securities, Fintech, Cyber Risk, ICT Risk, Operational Risk, Fintech Action Plan, Cyber Resilience, ESAs

Related Articles
News

US Agencies Adopt Rule to Exclude Community Banks from Volcker Rule

US Agencies (CFTC, FDIC, FED, OCC, and SEC) adopted a final rule to exclude community banks from the Volcker Rule, in line with amendments to certain sections of the Economic Growth, Regulatory Relief, and Consumer Protection (EGRRCP) Act.

July 22, 2019 WebPage Regulatory News
News

US Agencies Adopt Amendments to Simplify Regulatory Capital Rules

US Agencies (FDIC, FED, and OCC) adopted a final rule that reduces regulatory burden by simplifying several requirements in the regulatory capital rules for banks.

July 22, 2019 WebPage Regulatory News
News

IA of Hong Kong Delegates Inspection and Investigation Powers to HKMA

HKMA and IA of Hong Kong jointly issued a statement announcing the delegation of the inspection and investigation powers of IA to HKMA, pursuant to the statutory regulatory regime for insurance intermediaries under the Insurance Ordinance.

July 19, 2019 WebPage Regulatory News
News

FSB Extends Implementation Timeline for Policy Recommendations on SFTs

FSB announced adjustments to the implementation timelines for its recommendations on securities financing transactions (SFTs), specifically those related to the minimum haircut standards for non-centrally cleared SFTs.

July 19, 2019 WebPage Regulatory News
News

EBA Single Rulebook Q&A: Third Update for July 2019

EBA published answers to six questions under the Single Rulebook question and answer (Q&A) tool this week.

July 19, 2019 WebPage Regulatory News
News

EBA Report Assesses Regulatory Framework for Fintech Activities

EBA published the findings of its analysis on the regulatory framework applicable to fintech firms when accessing the market.

July 18, 2019 WebPage Regulatory News
News

OSFI Revises Capital Requirements for Operational Risk for Banks

OSFI is revising its capital requirements for operational risk, in line with the final Basel III revisions published by BCBS in December 2017.

July 18, 2019 WebPage Regulatory News
News

OSFI Consults on Revised Principles for Management of Liquidity Risk

OSFI proposed revisions to Guideline B-6 on the principles for the management of liquidity risk.

July 18, 2019 WebPage Regulatory News
News

ESMA Guidance on Disclosures for Credit Rating Sustainability Issues

ESMA published the technical advice on sustainability considerations in the credit rating market, along with the final guidelines on disclosure requirements applicable to credit ratings.

July 18, 2019 WebPage Regulatory News
News

FASB Issues Q&A on Estimation of Expected Credit Losses by Firms

FASB issued a second question-and-answer (Q&A) document that addresses more than a dozen frequently asked questions related to the Accounting Standards Update No. 2016-13 titled “Financial Instruments—Credit Losses (Topic 326): Measurement of Credit Losses on Financial Instruments.”

July 17, 2019 WebPage Regulatory News
RESULTS 1 - 10 OF 3482

© Copyright 2019 Moody's Analytics, Inc. and/or its licensors and affiliates. All Rights Reserved.