MFSA published a document that provides background on Information and Communications Technology (ICT) risk and cybersecurity, also discussing the applicable legal and regulatory framework and the work of the Supervisory ICT Risk and Cybersecurity function of MFSA. In addition, MFSA issued a circular that addresses significant credit institutions regarding the harmonization of IMAS portal of ECB Banking Supervision with the FinHub portal of MFSA. The IMAS portal allows banks directly supervised by ECB to submit information related to supervisory processes, track their status, and exchange information with supervisors.
ECB, together with the national competent authorities of the member states in the Single Supervisory Mechanism, is in the process of streamlining the manner in which information flows between regulators and the banking industry. The system development in this respect is underway. Consequently, significant Institutions licensed in terms of the Banking Act, and supervised directly by the ECB, are being required to upload information including but not limited to fit-and-proper statuses and changes in key personnel on both the IMAS portal of ECB and the FinHub portal of MFSA, for an interim period until the back-end system development has been completed and is live. The IMAS Portal has been introduced in two phases. During the phasing-in period starting on October 20, 2020 only a limited number of significant banks were able to access and use the portal. After the full go-live on January 27, 2021, all banks directly supervised by ECB can use the portal.
Additionally, the published document on ICT risk and cybersecurity explains the supervisory approach of MFSA and outlines the establishment of the Supervisory ICT Risk and Cybersecurity function at MFSA. The document highlights the key observations of the Supervisory ICT Risk and Cybersecurity function through supervisory interactions over the past year and sets out the expectations of MFSA in this regard. It also discusses the focus areas for the coming year, in view of the designation of supervisory ICT risk and cybersecurity as a cross-sectoral priority of MFSA for 2021. The Supervisory ICT Risk and Cybersecurity function will continue to support the sectoral supervisory functions to ensure that regulated entities have an adequate cybersecurity program in place designed to enhance resilience to cyber-attacks and mitigate the risks associated with such threats. In view of the ever-increasing dependency on ICT, an enhancement, in terms of breadth and depth of supervisory activities throughout the year, is to be expected. Among others, the Supervisory ICT Risk and Cybersecurity function plans to:
- Develop an ICT and Cybersecurity risk model for supervision as a process for mapping out, and prioritizing key risk areas within the industry.
- Conduct a comprehensive and cross-sectoral thematic desk-based review on ICT Risk and Cybersecurity matters, including outsourcing.
- Intensify participation and contribution in local and foreign working groups throughout 2021 and anticipates significant progress on the legislative proposals on digital operational resilience.
- Circular on IMAS Portal
- ECB IMAS Portal
- Press Release on ICT Risk
- Document on ICT Risk and Cybersecurity (PDF)
Keywords: Europe, Malta, Banking, Reporting, IMAS Portal, FinHub Portal, SSM, Technology Risk, Cyber Risk, Outsourcing Risk, ECB, MFSA
Previous ArticleFSC Korea Details Policy Measures to Support Recovery from Pandemic
EU published Directive 2021/338, which amends the Markets in Financial Instruments Directive (MiFID) II and the Capital Requirements Directives (CRD 4 and 5) to facilitate recovery from the COVID-19 crisis.
The Standing Committee of the European Free Trade Association (EFTA) recommended that a systemic risk buffer level of 4.5% for domestic exposures can be considered appropriate for addressing the identified systemic risks to the stability of the financial system in Norway.
In a recent statement, PRA clarified its approach to the application of certain EU regulatory technical standards and EBA guidelines on standardized and internal ratings-based approaches to credit risk, following the end of the Brexit transition.
In a recently published letter addressed to the G20 finance ministers and central bank governors, the FSB Chair Randal K. Quarles has set out the key FSB priorities for 2021.
EU published, in the Official Journal of the European Union, a corrigendum to the revised Capital Requirements Regulation (CRR2 or Regulation 2019/876).
ESAs published a joint supervisory statement on the effective and consistent application and on national supervision of the regulation on sustainability-related disclosures in the financial services sector (SFDR).
EC published a public consultation on the review of crisis management and deposit insurance frameworks in EU.
HKMA announced that enhancements will be made to the Special 100% Loan Guarantee of the SME Financing Guarantee Scheme (SFGS) and the application period will be extended to December 31, 2021.
EBA launched consultations on the regulatory and implementing technical standards on cooperation and information exchange between competent authorities involved in prudential supervision of investment firms.
BoE issued a letter to the CEOs of eight major UK banks that are in scope of the first Resolvability Assessment Framework (RAF) reporting and disclosure cycle.