CSSF Issues Circular on Guidelines for Managing ICT and Security Risk
CSSF published a circular (20/750) that implements the EBA guidelines on management of information and communication technology (ICT) and security risks. In this circular, CSSF explains that it has integrated the EBA guidelines into its administrative practice and its regulatory approach to promote the convergence of supervisory practices in this area at the European level. The circular specifies that content of the ICT guidelines also corresponds to the expectations of CSSF concerning the risk management measures and the control and security mechanisms, as mentioned in the Law, dated April 05, 1993, on the financial sector and the Law, dated November 10, 2009, on payment services. The circular came into force on the date of its publication—that is, August 25, 2020.
The annex to the circular provides the EBA guidelines on management of ICT and security risks. The guidelines set out expectations on the way in which all financial institutions should manage their internal and external ICT and security risks. The guidelines provide financial institutions with a better understanding of supervisory expectations for the management of these risks, covering sound internal governance, information security requirements, ICT operations, project and change management, and business continuity management.
Related Links (in French)
Effective Date: August 25, 2020
Keywords: Europe, Luxembourg, Banking, ICT Risk, Operational Risk, Proportionality, EBA, CSSF
Previous Article
APRA Proposes to Amend EFS Reporting Standards and GuidanceRelated Articles
EBA Clarifies Use of COVID-19-Impacted Data for IRB Credit Risk Models
The European Banking Authority (EBA) published four draft principles to support supervisory efforts in assessing the representativeness of COVID-19-impacted data for banks using the internal ratings based (IRB) credit risk models.
EP Reaches Agreement on Corporate Sustainability Reporting Directive
The European Council and the European Parliament (EP) reached a provisional political agreement on the Corporate Sustainability Reporting Directive (CSRD).
PRA Consults on Model Risk Management Principles for Banks
The Prudential Regulation Authority (PRA) launched a consultation (CP6/22) that sets out proposal for a new Supervisory Statement on expectations for management of model risk by banks.
EC Regulation Amends Standards for Calculating Credit Risk Adjustments
The European Commission (EC) published the Delegated Regulation 2022/954, which amends regulatory technical standards on specification of the calculation of specific and general credit risk adjustments.
HKMA Announces Launch of Data Repository on Sustainable Finance
The Hong Kong Monetary Authority (HKMA) announced that the Green and Sustainable Finance (GSF) Cross-Agency Steering Group has launched the information and data repositories and outlined the progress made in advancing the development of green and sustainable finance in Hong Kong.
BIS Hub Updates Work Program for 2022, Announces New Projects
The Bank for International Settlements (BIS) Innovation Hub updated its work program, announcing a set of projects across various centers.
EIOPA Issues Cyber Underwriting Proposal, Statement on Open Insurance
The European Insurance and Occupational Pensions Authority (EIOPA) published two consultation papers—one on the supervisory statement on exclusions related to systemic events and the other on the supervisory statement on the management of non-affirmative cyber exposures.
NGFS Report on Integration of G-Cubed Model into NGFS Scenarios
The Network for Greening the Financial System (NGFS) published a report that explores the feasibility of integrating the G-Cubed general equilibrium model into the NGFS suite of models.
US Senate Members Seek Details on SEC Proposed Climate Disclosure Rule
Certain members of the U.S. Senate Committee on Banking, Housing, and Urban Affairs issued a letter to the Securities and Exchange Commission (SEC)
EIOPA Consults on Review of Securitization Framework in Solvency II
The European Insurance and Occupational Pensions Authority (EIOPA) published a consultation paper on the advice on the review of the securitization prudential framework in Solvency II.