CSSF Issues Circular on Guidelines for Managing ICT and Security Risk
CSSF published a circular (20/750) that implements the EBA guidelines on management of information and communication technology (ICT) and security risks. In this circular, CSSF explains that it has integrated the EBA guidelines into its administrative practice and its regulatory approach to promote the convergence of supervisory practices in this area at the European level. The circular specifies that content of the ICT guidelines also corresponds to the expectations of CSSF concerning the risk management measures and the control and security mechanisms, as mentioned in the Law, dated April 05, 1993, on the financial sector and the Law, dated November 10, 2009, on payment services. The circular came into force on the date of its publication—that is, August 25, 2020.
The annex to the circular provides the EBA guidelines on management of ICT and security risks. The guidelines set out expectations on the way in which all financial institutions should manage their internal and external ICT and security risks. The guidelines provide financial institutions with a better understanding of supervisory expectations for the management of these risks, covering sound internal governance, information security requirements, ICT operations, project and change management, and business continuity management.
Related Links (in French)
Effective Date: August 25, 2020
Keywords: Europe, Luxembourg, Banking, ICT Risk, Operational Risk, Proportionality, EBA, CSSF
Previous Article
CMF Amends Treatment of State Guarantees for Calculation of RWAsRelated Articles
FCA Consults on Regulation of International Firms in UK
FCA is consulting on its approach to the authorization and supervision of international firms operating in UK.
MAS Amends Notice on Capital Adequacy Requirements of Banks
MAS published amendments to Notice 637 on the risk-based capital adequacy requirements for reporting banks incorporated in Singapore.
FCA to Begin to Move Firms to New Data Collection Platform RegData
FCA announced that it will move firms to RegData from Gabriel in the coming months in stages, based on the reporting requirements of firms.
APRA Reviews Repayment Deferral Plans, Identifies Best Practices
APRA has concluded its review of the comprehensive plans of authorized deposit-taking institutions for the assessment and management of loans with repayment deferrals.
ESAs Assess Risks to Financial Sector After COVID-19 Outbreak
ESAs (EBA, EIOPA, and ESMA) published the first joint report that assesses risks in the financial sector since the outbreak of the COVID-19 pandemic.
BoE Confirms Withdrawal of COVID Corporate Financing Facility
BoE and HM Treasury confirmed that the COVID Corporate Financing Facility (CCFF) will close for new purchases of commercial paper, with effect from March 23, 2021.
ESAs Launch Survey on Templates for Product Disclosures Under SFDR
ESAs launched a survey seeking feedback on the presentational aspects of product templates under the Sustainable Finance Disclosure Regulation (SFDR or Regulation 2019/2088).
ECB Proposes Integrated Reporting Framework to Reduce Burden for Banks
ECB published input of the European System of Central Banks (ESCB) into the EBA feasibility report on reducing the reporting burden for banks in EU.
EC Deems UK Framework for CCPs Temporarily Equivalent to EMIR Rules
EC adopted a decision determining, for a limited period of time, that the regulatory framework applicable to central counterparties, or CCPs, in the UK and Northern Ireland is equivalent to the requirements laid down in the European Market Infrastructure Regulation (EMIR or Regulation 648/2012).
EBA to Phase Out Guidelines on Loan Repayment Moratoria
EBA has decided to phase out the guidelines on legislative and non-legislative moratoria of loan repayments, in accordance with the earlier specified end of September deadline.
