CSSF Issues Circular on Guidelines for Managing ICT and Security Risk
CSSF published a circular (20/750) that implements the EBA guidelines on management of information and communication technology (ICT) and security risks. In this circular, CSSF explains that it has integrated the EBA guidelines into its administrative practice and its regulatory approach to promote the convergence of supervisory practices in this area at the European level. The circular specifies that content of the ICT guidelines also corresponds to the expectations of CSSF concerning the risk management measures and the control and security mechanisms, as mentioned in the Law, dated April 05, 1993, on the financial sector and the Law, dated November 10, 2009, on payment services. The circular came into force on the date of its publication—that is, August 25, 2020.
The annex to the circular provides the EBA guidelines on management of ICT and security risks. The guidelines set out expectations on the way in which all financial institutions should manage their internal and external ICT and security risks. The guidelines provide financial institutions with a better understanding of supervisory expectations for the management of these risks, covering sound internal governance, information security requirements, ICT operations, project and change management, and business continuity management.
Related Links (in French)
Effective Date: August 25, 2020
Keywords: Europe, Luxembourg, Banking, ICT Risk, Operational Risk, Proportionality, EBA, CSSF
Previous Article
APRA Proposes to Amend EFS Reporting Standards and GuidanceRelated Articles
OSFI Issues Results of Pilot on Climate Risk Scenario Analysis
The Office of the Superintendent of Financial Institutions (OSFI) published an update on the discussion paper that intended to engage federally regulated financial institutions and other interested stakeholders in a dialog with OSFI, to proactively enhance and align assurance expectations over key regulatory returns.
EC Issues Regulation on Adjustments to K-Factor Coefficients Under IFR
The European Commission (EC) published a report summarizing responses to the targeted consultation on the supervisory convergence and the single rulebook in the European Union (EU).
ECB Issues Opinions on Green Bonds Standard and CRR Proposals
The European Central Bank (ECB) published its opinion on a proposal for a regulation on European green bonds, following a request from the European Parliament.
ESRB Explores Policy Response to Risks Arising from Digitalization
The Advisory Scientific Committee (ASC) of the European Systemic Risk Board (ESRB) published a report that explores the expected impact of digitalization on provision of financial and banking services, and proposes policy measures to address the risks stemming from digitalization.
HKMA Consults on FIRO Code, Revises Policy on Foreign Exchange Risk
The Hong Kong Monetary Authority (HKMA) is consulting on the draft Financial Institutions (Resolution) Ordinance (Cap. 628), or FIRO, Code of Practice chapter on liquidity and funding in resolution, until March 14, 2022.
FI Publishes Multiple Regulatory and Reporting Updates
The Swedish Financial Supervisory Authority (FI) announced that the capital adequacy reporting as at December 31, 2021 must be done by February 11, 2022.
EU Authorities Address COVID-19 Reporting, MCD, and PSD2 Issues
The European Banking Authority (EBA) announced that the guidelines on the reporting and disclosure of exposures subject to measures COVID-relief measures shall continue to apply until further notice.
BSP Tackles Aspects of Lending and Islamic, Open & Sustainable Finance
The Central Bank of the Philippines (BSP) issued communications covering developments related to online lending platforms, open finance framework and roadmap, and on the expected regulations in the area sustainable finance.
US Agencies Issue Regulatory Updates, FDIC Launches Tech Sprint
The Board of Governors of the Federal Reserve System (FED) published the final rule that amends Regulation I to reduce the quarterly reporting burden for member banks by automating the application process for adjusting their subscriptions to the Federal Reserve Bank capital stock, except in the context of mergers.
EBA Issues Guide on Bank Resolvability, Consults on Transferability
The European Banking Authority (EBA) published its assessment of risks through the quarterly Risk Dashboard and the results of the Autumn edition of the Risk Assessment Questionnaire (RAQ).
