CSSF Issues Circular on Guidelines for Managing ICT and Security Risk
CSSF published a circular (20/750) that implements the EBA guidelines on management of information and communication technology (ICT) and security risks. In this circular, CSSF explains that it has integrated the EBA guidelines into its administrative practice and its regulatory approach to promote the convergence of supervisory practices in this area at the European level. The circular specifies that content of the ICT guidelines also corresponds to the expectations of CSSF concerning the risk management measures and the control and security mechanisms, as mentioned in the Law, dated April 05, 1993, on the financial sector and the Law, dated November 10, 2009, on payment services. The circular came into force on the date of its publication—that is, August 25, 2020.
The annex to the circular provides the EBA guidelines on management of ICT and security risks. The guidelines set out expectations on the way in which all financial institutions should manage their internal and external ICT and security risks. The guidelines provide financial institutions with a better understanding of supervisory expectations for the management of these risks, covering sound internal governance, information security requirements, ICT operations, project and change management, and business continuity management.
Related Links (in French)
Effective Date: August 25, 2020
Keywords: Europe, Luxembourg, Banking, ICT Risk, Operational Risk, Proportionality, EBA, CSSF
Previous Article
APRA Proposes to Amend EFS Reporting Standards and GuidanceRelated Articles
APRA Issues Interim Update to Policy Priorities for 2021 and Beyond
In a letter addressed to the industry, the Australian Prudential Regulation Authority (APRA) set out an updated schedule of policy priorities for the banking, insurance, and superannuation industries.
EC Adopts Solvency II and Resolution Rules Package for Insurers
The European Commission (EC) adopted a comprehensive review package of Solvency II rules in the European Union.
OCC Issues Booklets on Regulatory Reporting and Earnings
The Office of the Comptroller of the Currency (OCC) issued Versions 1.0 of the "Earnings" and "Regulatory Reporting" booklets of the Comptroller's Handbook.
ECB Sets Out Results of Economy-Wide Climate Stress Tests
The European Central Bank (ECB) published results of its economy-wide climate stress test, which aimed to assess the resilience of non-financial corporates and euro area banks to climate risks.
EBA Examines Implications of Increasing Use of Digital Platforms in EU
The European Banking Authority (EBA) published a report on the use of digital platforms in the banking and payments sector in European Union.
HKMA Issues Updates on Policy Measures Intended to Ease COVID Impact
The Hong Kong Monetary Authority (HKMA) published updates on the policy measures that were announced in context of the ongoing pandemic.
ISDA Responds to BCBS Proposal on Treatment of Cryptoasset Exposures
The International Swaps and Derivatives Association (ISDA), along with several other associations, submitted a joint response to the Basel Committee on Banking Supervision (BCBS) consultation on preliminary proposals for the prudential treatment of cryptoasset exposures.
BIS Quarterly Review Discusses Developments in Fintech and ESG Space
BIS published the September issue of the Quarterly Review, which contains special features that analyze the rapid rise in equity funding for financial technology firms, the effectiveness of policy measures in response to pandemic, and the evolution of international banking.
BCBS to Consult on Supervisory Practices for Climate Risks by Year-End
The Basel Committee for Banking Supervision (BCBS) met in September 2021 and reviewed climate-related financial risks, discussed impact of digitalization, and welcomed efforts by the International Financial Reporting Standards (IFRS) Foundation to develop a common set of sustainability reporting standards
OCC Identifies Operational Risk Deficiencies in MUFG Union Bank
The Office of the Comptroller of the Currency (OCC) issued a Cease and Desist Order against MUFG Union Bank for deficiencies in technology and operational risk governance.
