CSSF published a circular (20/750) that implements the EBA guidelines on management of information and communication technology (ICT) and security risks. In this circular, CSSF explains that it has integrated the EBA guidelines into its administrative practice and its regulatory approach to promote the convergence of supervisory practices in this area at the European level. The circular specifies that content of the ICT guidelines also corresponds to the expectations of CSSF concerning the risk management measures and the control and security mechanisms, as mentioned in the Law, dated April 05, 1993, on the financial sector and the Law, dated November 10, 2009, on payment services. The circular came into force on the date of its publication—that is, August 25, 2020.
The annex to the circular provides the EBA guidelines on management of ICT and security risks. The guidelines set out expectations on the way in which all financial institutions should manage their internal and external ICT and security risks. The guidelines provide financial institutions with a better understanding of supervisory expectations for the management of these risks, covering sound internal governance, information security requirements, ICT operations, project and change management, and business continuity management.
Related Links (in French)
Effective Date: August 25, 2020
Keywords: Europe, Luxembourg, Banking, ICT Risk, Operational Risk, Proportionality, EBA, CSSF
Previous ArticleAPRA Proposes to Amend EFS Reporting Standards and Guidance
PRA published a statement that explains when to expect further information on the PRA approach to transposing the Capital Requirements Directive (CRD5), including its approach to revisions to the definition of capital for Pillar 2A.
SRB published the work program for 2021-2023, setting out a roadmap to further operationalize the Single Resolution Fund and to achieve robust resolvability of banks under its remit over the next three years.
EIOPA is consulting on the relevant ratios to be mandatorily disclosed by insurers and reinsurers falling within the scope of the Non-Financial Reporting Directive as well as on the methodologies to build these ratios.
ECB finalized guidance on the way it expects banks to prudently manage and transparently disclose climate and other environmental risks under the current prudential rules.
BCBS published a technical amendment to the capital treatment of securitizations of non-performing loans by banks.
BoE announced that the Data and Statistics Division is planning to move collection of statistical data to the BoE Electronic Data Submission (BEEDS) portal.
APRA published the updated reporting standards and guidance for the collection of Economic and Financial Statistics (EFS), following a consultation process. Also published was a response letter to the feedback received on the proposal for amending the EFS reporting standards and guidance.
EC is consulting on a draft delegated regulation to supplement the Taxonomy Regulation (2020/852) by establishing the technical screening criteria for determining the conditions under which an economic activity qualifies as environmentally sustainable.
The IFRS Foundation published material highlighting the ways in which existing requirements in IFRS standards require companies to consider climate-related matters when their effect is material to the financial statements.
FSB published a progress report on the implementation of reforms to major interest rate benchmarks, including the London Inter-bank Offered Rate (LIBOR) benchmark.