April 10, 2019

The ESAs published two pieces of Joint Advice in response to requests made by the EC in its March 2018 FinTech Action Plan. The first Joint Advice pertains to the need for legislative improvements related to Information and Communication Technology (ICT) risk management requirements in the EU financial sector. The second Joint Advice pertains to the costs and benefits of a coherent cyber resilience testing framework for significant market participants and infrastructures within the EU financial sector.

Regarding the need for legislative improvements, in developing the Joint Advice, ESAs' objective was that every relevant entity should be subject to clear general requirements on governance of ICT, including cybersecurity, to ensure the safe provision of regulated services. Guided by this objective, the proposals presented in the Advice aim to promote stronger operational resilience and harmonization in the EU financial sector by applying changes to their respective sectoral legislation. Incident reporting is highly relevant to ICT risk management and allows relevant entities and authorities to log, monitor, analyze, and respond to ICT operational, ICT security, and fraud incidents. Therefore, ESAs call for streamlining aspects of the incident reporting frameworks across the financial sector. Furthermore, ESAs suggest that a legislative solution for an appropriate oversight framework to monitor the activities of critical third-party service providers should be considered.

Regarding the costs and benefits of a coherent cyber resilience testing framework, ESAs see clear benefits of such a framework. However, there are significant differences in the maturity level of cybersecurity across and within financial sectors. In the short term, ESAs advise focusing on achieving a minimum level of cyber resilience across the sectors, proportionate to the needs and characteristics of the relevant entities. Furthermore, ESAs propose to establish, on a voluntary basis, an EU-wide coherent testing framework, together with other relevant authorities (taking into account the existing initiatives) and with a focus on Threat Led Penetration Testing. In the long term, ESAs aim to ensure a sufficient cyber maturity level of identified cross-sector entities.

To implement the proposed actions, ESAs highlight that a legal basis and explicit mandate are required for the development and implementation of a coherent resilience testing framework across all financial sectors by ESAs in cooperation with other relevant authorities.

EC, in the March 2018 FinTech Action Plan, had specifically requested ESAs to map, by the first quarter of 2019, the existing supervisory practices across financial sectors around ICT security and governance requirements. Where appropriate, ESAs were to consider issuing guidelines aimed at supervisory convergence and enforcement of ICT risk management and mitigation requirements in the EU financial sector and, if necessary, to provide EC with technical advice on the need for legislative improvements. EC had also requested ESAs to evaluate, by the fourth quarter of 2018 (now Q1 2019), the costs and benefits of developing a coherent cyber resilience testing framework for significant market participants and infrastructures within the EU financial sector.

 


Keywords: Europe, EU, Banking, Insurance, Securities, Fintech, Cyber Risk, ICT Risk, Operational Risk, Fintech Action Plan, Cyber Resilience, ESAs
