ECB Publishes the Cyber Resilience Oversight Expectations
ECB published the final cyber resilience oversight expectations for financial market infrastructures (FMIs). The cyber resilience oversight expectations are based on the global guidance on cyber resilience for financial market infrastructures. This guidance was published by CPMI and IOSCO in June 2016. ECB also published a high-level overview of the comments received during the consultation and summarized the main amendments to the cyber resilience oversight expectations.
The cyber resilience oversight expectations provide FMIs with detailed steps on how to operationalize the guidance, provide overseers with clear expectations to assess FMIs under their responsibility, and provide the basis for a meaningful discussion between the FMIs and their respective overseers. During the consultation, ECB received responses from 20 entities, including FMIs, banks, banking communities, and associations. Comments in the public consultation mostly focused on four aspects:
- Level of prescriptiveness of the expectations
- Three levels of cyber maturity and how these correspond to other international cybersecurity frameworks, which also have maturity models
- Process for oversight assessments against the cyber resilience oversight expectations
- Need for harmonization across different jurisdictions and among regulators, to reduce the fragmentation of regulatory expectations and facilitate oversight convergence
Cyber resilience is an important aspect of the operational resilience of FMIs and efficient operation of FMIs is essential for maintaining and enhancing financial stability. If not properly managed, FMIs can be sources of financial shocks, such as credit losses. They can also be a major channel through which these shocks are transmitted across domestic and international financial markets.
Related Links
- Press Release
- Cyber Resilience Oversight Guidance (PDF)
- ECB Response to Consultation
- Responses from Entities (ZIP)
- CPMI-IOSCO Guidance on Cyber Resilience
Keywords: Europe, EU, Banking, PMI, FMI, Cyber Resilience, Cyber Risk, Operational Risk, ECB
Previous Article
MFSA Updates Multiple Reporting Templates Under COREP and FINREPNext Article
SRB Chair Speaks About Work Priorities for 2019Related Articles
EC Adopts Financial Reporting Changes Arising from Benchmark Reforms
EC published Regulation 2021/25 that addresses amendments related to the financial reporting consequences of replacement of the existing interest rate benchmarks with alternative reference rates.
BIS Bulletin Examines Key Elements of Policy Response to Cyber Risk
BIS published a bulletin, or a note, that examines the cyber threat landscape in the context of the pandemic and discusses policies to reduce risks to financial stability.
HMT Updates List of Post-Brexit Equivalence Decisions in UK
HM Treasury, also known as HMT, has updated the table containing the list of the equivalence decisions that came into effect in UK at the end of the transition period of its withdrawal from EU.
EBA Issues Erratum for Technical Package on Reporting Framework 3.0
EBA published an erratum for technical package on phase 1 of the reporting framework 3.0.
APRA Publishes FAQ on Measurement of Credit Risk Weighted Assets
APRA updated a frequently asked question (FAQ), for authorized deposit-taking institutions, on the measurement of credit risk weighted assets.
EBA Publishes Risk Dashboard for Third Quarter of 2020
EBA published the quarterly risk dashboard, along with the results of the Risk Assessment Questionnaire survey among 60 banks and 15 market analysts.
ECB Analysis Shows Privacy as Biggest Concern in Use of Digital Euro
ECB concluded the public consultation on the introduction of a digital euro in EU.
ECB Finalizes Guide on Supervisory Approach to Bank Consolidation
ECB published a guide that sets out the supervisory approach to consolidation in the banking sector.
SRB Chair Outlines Work Priorities for 2021
The SRB Chair Elke König published an article setting out work priorities for 2021.
FDIC Selects Companies to Compete in Final Phase of Tech Sprint
FDIC has selected 11 technology companies—including BearingPoint, Fed Reporter, Inc, and S&P Global Market Intelligence, LLC—for inclusion in the third and final phase of the rapid prototyping competition.