MFSA published a document that provides background on Information and Communications Technology (ICT) risk and cybersecurity, also discussing the applicable legal and regulatory framework and the work of the Supervisory ICT Risk and Cybersecurity function of MFSA. In addition, MFSA issued a circular that addresses significant credit institutions regarding the harmonization of IMAS portal of ECB Banking Supervision with the FinHub portal of MFSA. The IMAS portal allows banks directly supervised by ECB to submit information related to supervisory processes, track their status, and exchange information with supervisors.
ECB, together with the national competent authorities of the member states in the Single Supervisory Mechanism, is in the process of streamlining the manner in which information flows between regulators and the banking industry. The system development in this respect is underway. Consequently, significant Institutions licensed in terms of the Banking Act, and supervised directly by the ECB, are being required to upload information including but not limited to fit-and-proper statuses and changes in key personnel on both the IMAS portal of ECB and the FinHub portal of MFSA, for an interim period until the back-end system development has been completed and is live. The IMAS Portal has been introduced in two phases. During the phasing-in period starting on October 20, 2020 only a limited number of significant banks were able to access and use the portal. After the full go-live on January 27, 2021, all banks directly supervised by ECB can use the portal.
Additionally, the published document on ICT risk and cybersecurity explains the supervisory approach of MFSA and outlines the establishment of the Supervisory ICT Risk and Cybersecurity function at MFSA. The document highlights the key observations of the Supervisory ICT Risk and Cybersecurity function through supervisory interactions over the past year and sets out the expectations of MFSA in this regard. It also discusses the focus areas for the coming year, in view of the designation of supervisory ICT risk and cybersecurity as a cross-sectoral priority of MFSA for 2021. The Supervisory ICT Risk and Cybersecurity function will continue to support the sectoral supervisory functions to ensure that regulated entities have an adequate cybersecurity program in place designed to enhance resilience to cyber-attacks and mitigate the risks associated with such threats. In view of the ever-increasing dependency on ICT, an enhancement, in terms of breadth and depth of supervisory activities throughout the year, is to be expected. Among others, the Supervisory ICT Risk and Cybersecurity function plans to:
- Develop an ICT and Cybersecurity risk model for supervision as a process for mapping out, and prioritizing key risk areas within the industry.
- Conduct a comprehensive and cross-sectoral thematic desk-based review on ICT Risk and Cybersecurity matters, including outsourcing.
- Intensify participation and contribution in local and foreign working groups throughout 2021 and anticipates significant progress on the legislative proposals on digital operational resilience.
- Circular on IMAS Portal
- ECB IMAS Portal
- Press Release on ICT Risk
- Document on ICT Risk and Cybersecurity (PDF)
Keywords: Europe, Malta, Banking, Reporting, IMAS Portal, FinHub Portal, SSM, Technology Risk, Cyber Risk, Outsourcing Risk, ECB, MFSA
Previous ArticleFSC Korea Details Policy Measures to Support Recovery from Pandemic
The Prudential Regulation Authority (PRA) published the final policy statement PS21/21 on the leverage ratio framework in the UK. PS21/21, which sets out the final policy of both the Financial Policy Committee (FPC) and PRA
The Consumer Financial Protection Bureau (CFPB) proposed to amend Regulation B to implement changes to the Equal Credit Opportunity Act (ECOA) under Section 1071 of the Dodd-Frank Act.
The Prudential Regulation Authority (PRA) decided to maintain, at the 2019 levels, the buffer rates for the Other Systemically Important Institutions (O-SII) for another year, with no new rates to be set until December 2023.
The Financial Stability Board (FSB) published a progress report on implementation of its high-level recommendations for the regulation, supervision, and oversight of global stablecoin arrangements.
In a letter to the authorized deposit taking institutions, the Australian Prudential Regulation Authority (APRA) announced an increase in the minimum interest rate buffer it expects banks to use when assessing the serviceability of home loan applications.
The Committee on Payments and Market Infrastructures (CPMI) and the International Organization of Securities Commissions (IOSCO) are consulting on the preliminary guidance that clarifies that stablecoin arrangements should observe international standards for payment, clearing, and settlement systems.
The European Banking Authority (EBA) and the European Insurance and Occupational Pensions Authority (EIOPA) have set out their respective work priorities for 2022.
The Malta Financial Services Authority (MFSA) updated the guidelines on supervisory reporting requirements under the reporting framework 3.0, in addition to the reporting module on leverage under the common reporting (COREP) framework.
The European Commission (EC) published the Implementing Decision 2021/1753 on the equivalence of supervisory and regulatory requirements of certain third countries and territories for the purposes of the treatment of exposures, in accordance with the Capital Requirements Regulation or CRR (575/2013).
EC published the Implementing Regulation 2021/1751, which lays down implementing technical standards on uniform formats and templates for notification of determination of the impracticability of including contractual recognition of write-down and conversion powers.