
    ESAs Publish Advice on Cybersecurity and Management of ICT Risk

    April 10, 2019

    ESAs published two pieces of Joint Advice in response to the requests of EC in its March 2018 FinTech Action Plan. One Joint Advice pertains to the need for legislative improvements related to Information and Communication Technology (ICT) risk management requirements in the EU financial sector. The second Joint Advice pertains to the costs and benefits of a coherent cyber resilience testing framework for significant market participants and infrastructures within the EU financial sector.

    Regarding the need for legislative improvements, in developing the Joint Advice, ESAs' objective was that every relevant entity should be subject to clear general requirements on governance of ICT, including cybersecurity, to ensure the safe provision of regulated services. Guided by this objective, the proposals presented in the Advice aim to promote stronger operational resilience and harmonization in the EU financial sector by applying changes to their respective sectoral legislation. Incident reporting is highly relevant to ICT risk management and allows relevant entities and authorities to log, monitor, analyze, and respond to ICT operational, ICT security, and fraud incidents. Therefore, ESAs call for streamlining aspects of the incident reporting frameworks across the financial sector. Furthermore, ESAs suggest that a legislative solution for an appropriate oversight framework to monitor the activities of critical third-party service providers should be considered.

    Regarding the costs and benefits of a coherent cyber resilience testing framework, ESAs see clear benefits of such a framework. However, there are significant differences in the maturity level of cybersecurity across and within financial sectors. In the short term, ESAs advise focusing on achieving a minimum level of cyber resilience across the sectors, proportionate to the needs and characteristics of the relevant entities. Furthermore, ESAs propose to establish, on a voluntary basis, an EU-wide coherent testing framework, with other relevant authorities (taking into account the existing initiatives) and with a focus on Threat Led Penetration Testing. In the long term, ESAs aim to ensure a sufficient cyber maturity level of identified cross-sector entities.

    To implement the proposed actions, ESAs highlight the required legal basis and explicit mandate, which is necessary for development and implementation of a coherent resilience testing framework across all financial sectors by ESAs in cooperation with other relevant authorities. EC, in the March 2018 FinTech Action Plan, had specifically requested ESAs to map, by the first quarter of 2019, the existing supervisory practices across financial sectors around ICT security and governance requirements and, where appropriate, to consider issuing guidelines aimed at supervisory convergence and enforcement of ICT risk management and mitigation requirements in the EU financial sector and, if necessary, to provide EC with technical advice on the need for legislative improvements. EC had also requested ESAs to evaluate, by the fourth quarter of 2018 (now Q1 2019), the costs and benefits of developing a coherent cyber resilience testing framework for significant market participants and infrastructures within the EU financial sector.

     


    Keywords: Europe, EU, Banking, Insurance, Securities, Fintech, Cyber Risk, ICT Risk, Operational Risk, Fintech Action Plan, Cyber Resilience, ESAs
