EIOPA Consults on Guidelines on ICT Security and Governance
EIOPA issued a consultation on guidelines on the Information and Communication Technology (ICT) security and governance by insurers. The guidelines covers the areas of governance and risk management, ICT operations security, and ICT operations management. These guidelines shall provide guidance to national supervisory authorities and market participants on how regulation regarding operational risks set forth in the Solvency II Directive (2009/138/EC), the Delegated Regulation 2015/35, and EIOPA Guidelines on System of Governance is applied in the case of ICT security and governance. The consultation period on these guidelines ends on March 13, 2020.
Recognizing the need for being prepared for cyber risk and a sound cyber-security framework by undertakings, these guidelines also cover cyber-security as a part of the information security measures of an undertaking. The objective of these guidelines is to provide clarification and transparency to market participants on the minimum expected information and cyber-security capabilities. The guidelines are intended to help avoid potential regulatory arbitrage and to foster supervisory convergence regarding the expectations and processes applicable in relation to ICT security and governance as a key to proper ICT and security risk management. The guidelines should be read in conjunction with and without prejudice to the Solvency II Directive, the Delegated Regulation, EIOPA Guidelines on system of governance and EIOPA Guidelines on outsourcing to cloud service providers. As a next step, EIOPA will consider the feedback received to this consultation, publish a final report on the consultation, and submit the guidelines for adoption by its Board of Supervisors.
Related Links
Comment Due Date: March 13, 2020
Keywords: Europe, EU, Insurance, Cyber Risk, Operational Risk, Fintech, Solvency II, Cloud Service Providers, EIOPA
Featured Experts
Adam Koursaris
Asset and liability management expert; capable modeler; risk and capital specialist
Cassandra Hannibal
Life insurance actuary; risk management and economic capital specialist
Jerome Ogrodzki
Insurance asset and liabilities modeling specialist; stochastic modeling expert
Previous Article
MAS Consults on Regulatory Approach for Payment Token DerivativesRelated Articles
EBA Updates Filing Rules for Supervisory Reporting
The European Banking Authority (EBA) published version 5.1 of the filing rules for supervisory reporting.
ECB Amends Guideline on Procedures for Collection of AnaCredit Data
The European Central Bank (ECB) Guideline 2021/1829 on the procedures for the collection of granular credit and credit risk data has been published in the Official Journal of European Union.
ECB Amends Guideline on Procedures for Collection of AnaCredit Data
The European Central Bank (ECB) Guideline 2021/1829 on the procedures for the collection of granular credit and credit risk data has been published in the Official Journal of European Union.
EBA Publishes Standards on Disclosure of Investment Policy Under IFR
The European Banking Authority (EBA) published the final draft regulatory technical standards on disclosure of investment policy by investment firms, under the Investment Firms Regulation (IFR).
APRA Finalizes Guidance for New Prudential Standard on Remuneration
The Australian Prudential Regulation Authority (APRA) published the prudential practice guide CPG 511 to assist banks, insurers, and superannuation licensees in meeting requirements of CPS 511, the new prudential standard on remuneration.
OCC Updated LIBOR Self-Assessment Tool for Banks
The Office of the Comptroller of the Currency (OCC) published a bulletin that provides an updated self-assessment tool for banks to evaluate their preparedness for cessation of the London Interbank Offered Rate (LIBOR).
TCFD Updates Guidance for Financial Disclosures on Climate Risk
The Financial Stability Board (FSB) published a report that examines the progress made toward disclosures aligned with recommendations of the Task Force on Climate-related Financial Disclosures (TCFD).
BCBS Report Examines Progress on Adoption of Basel III Framework
The Basel Committee on Banking Supervision (BCBS) published the progress report on adoption of the Basel III regulatory framework in member jurisdictions.
ACPR Implements Updates Related to DPM Version 3.1
The French Prudential Supervisory Authority (ACPR) has implemented, in its information system, updates linked to the Data Point Model (DPM) version 3.1.
EBA Note Examines Transition Risks of Benchmark Rates
The European Banking Authority (EBA) published a thematic note that aims to identify and raise awareness of the transition risks of benchmark rates, as the London Interbank Offered Rate (LIBOR) and the Euro Overnight Index Average (EONIA) are close to being phased out.
