ECB published the final cyber resilience oversight expectations for financial market infrastructures (FMIs). The cyber resilience oversight expectations are based on the global guidance on cyber resilience for financial market infrastructures. This guidance was published by CPMI and IOSCO in June 2016. ECB also published a high-level overview of the comments received during the consultation and summarized the main amendments to the cyber resilience oversight expectations.
The cyber resilience oversight expectations provide FMIs with detailed steps on how to operationalize the guidance, provide overseers with clear expectations to assess FMIs under their responsibility, and provide the basis for a meaningful discussion between the FMIs and their respective overseers. During the consultation, ECB received responses from 20 entities, including FMIs, banks, banking communities, and associations. Comments in the public consultation mostly focused on four aspects:
- Level of prescriptiveness of the expectations
- Three levels of cyber maturity and how these correspond to other international cybersecurity frameworks, which also have maturity models
- Process for oversight assessments against the cyber resilience oversight expectations
- Need for harmonization across different jurisdictions and among regulators, to reduce the fragmentation of regulatory expectations and facilitate oversight convergence
Cyber resilience is an important aspect of the operational resilience of FMIs and efficient operation of FMIs is essential for maintaining and enhancing financial stability. If not properly managed, FMIs can be sources of financial shocks, such as credit losses. They can also be a major channel through which these shocks are transmitted across domestic and international financial markets.
- Press Release
- Cyber Resilience Oversight Guidance (PDF)
- ECB Response to Consultation
- Responses from Entities (ZIP)
- CPMI-IOSCO Guidance on Cyber Resilience
Keywords: Europe, EU, Banking, PMI, FMI, Cyber Resilience, Cyber Risk, Operational Risk, ECB
Previous ArticleEIOPA Publishes Q&A on Regulations and Guidelines
MAS and Temasek jointly released a report to mark the successful conclusion of the fifth and final phase of Project Ubin, which focused on building a blockchain-based multi-currency payments network prototype.
PRA published a public working draft, or PWD, of version 1.2.0 of the BoE Insurance XBRL taxonomy, along with the related technical artefacts.
CPMI published a report that sets out nineteen building blocks for a global roadmap to improve cross-border payments.
EBA published phase 2 of the technical package on the reporting framework 2.10, providing the technical tools and specifications for implementation of EBA reporting requirements.
APRA updated the lists of the Direct to APRA (D2A) validation rules for authorized deposit-taking institutions, insurers, and superannuation entities.
PRA updated the statement that provides guidance to regulated firms on implementation of the EBA guidelines on reporting and disclosure of exposures subject to measures applied in response to the COVID-19 crisis.
EBA updated the 2019 list of closely correlated currencies that was originally published in December 2013.
ESMA published the final report on the guidelines on securitization repository data completeness and consistency thresholds.
FASB issued a proposed Accounting Standards Update that would grant insurance companies, adversely affected by the COVID-19 pandemic, an additional year to implement the Accounting Standards Update No. 2018-12 on targeted improvements to accounting for long-duration insurance contracts, or LDTI (Topic 944).
APRA updated the regulatory approach for loans subject to repayment deferrals amid the COVID-19 crisis.