MFSA published a document that provides background on Information and Communications Technology (ICT) risk and cybersecurity, also discussing the applicable legal and regulatory framework and the work of the Supervisory ICT Risk and Cybersecurity function of MFSA. In addition, MFSA issued a circular that addresses significant credit institutions regarding the harmonization of IMAS portal of ECB Banking Supervision with the FinHub portal of MFSA. The IMAS portal allows banks directly supervised by ECB to submit information related to supervisory processes, track their status, and exchange information with supervisors.
ECB, together with the national competent authorities of the member states in the Single Supervisory Mechanism, is in the process of streamlining the manner in which information flows between regulators and the banking industry. The system development in this respect is underway. Consequently, significant Institutions licensed in terms of the Banking Act, and supervised directly by the ECB, are being required to upload information including but not limited to fit-and-proper statuses and changes in key personnel on both the IMAS portal of ECB and the FinHub portal of MFSA, for an interim period until the back-end system development has been completed and is live. The IMAS Portal has been introduced in two phases. During the phasing-in period starting on October 20, 2020 only a limited number of significant banks were able to access and use the portal. After the full go-live on January 27, 2021, all banks directly supervised by ECB can use the portal.
Additionally, the published document on ICT risk and cybersecurity explains the supervisory approach of MFSA and outlines the establishment of the Supervisory ICT Risk and Cybersecurity function at MFSA. The document highlights the key observations of the Supervisory ICT Risk and Cybersecurity function through supervisory interactions over the past year and sets out the expectations of MFSA in this regard. It also discusses the focus areas for the coming year, in view of the designation of supervisory ICT risk and cybersecurity as a cross-sectoral priority of MFSA for 2021. The Supervisory ICT Risk and Cybersecurity function will continue to support the sectoral supervisory functions to ensure that regulated entities have an adequate cybersecurity program in place designed to enhance resilience to cyber-attacks and mitigate the risks associated with such threats. In view of the ever-increasing dependency on ICT, an enhancement, in terms of breadth and depth of supervisory activities throughout the year, is to be expected. Among others, the Supervisory ICT Risk and Cybersecurity function plans to:
- Develop an ICT and Cybersecurity risk model for supervision as a process for mapping out, and prioritizing key risk areas within the industry.
- Conduct a comprehensive and cross-sectoral thematic desk-based review on ICT Risk and Cybersecurity matters, including outsourcing.
- Intensify participation and contribution in local and foreign working groups throughout 2021 and anticipates significant progress on the legislative proposals on digital operational resilience.
- Circular on IMAS Portal
- ECB IMAS Portal
- Press Release on ICT Risk
- Document on ICT Risk and Cybersecurity (PDF)
Keywords: Europe, Malta, Banking, Reporting, IMAS Portal, FinHub Portal, SSM, Technology Risk, Cyber Risk, Outsourcing Risk, ECB, MFSA
Previous ArticleFSC Korea Details Policy Measures to Support Recovery from Pandemic
The Bank for International Settlements (BIS) published a paper that studies impact of fintech lending on credit access for small businesses in U.S.
The Prudential Regulation Authority (PRA) issued the policy statement PS8/22 to amend the Own Funds and Eligible Liabilities (CRR) Part of the PRA Rulebook and update the supervisory statement SS7/13 titled "Definition of capital (CRR firms).
The European Banking Authority (EBA) launched the EU-wide transparency exercise for 2022, with results of the exercise expected to be published at the beginning of December, along with the annual Risk Assessment Report.
The Single Resolution Board (SRB) welcomed the adoption of the review of the Capital Requirements Regulation, or CRR, also known as the "CRR quick-fix."
The European Commission (EC) recently adopted the Delegated Regulation 2022/1622, which sets out the regulatory technical standards to specify the countries that constitute advanced economies for the purpose of specifying risk-weights for the sensitivities to equity.
The European Banking Authority (EBA) published the final draft regulatory technical standards specifying and, where relevant, calibrating the minimum performance-related triggers for simple.
The European Central Bank (ECB) is undertaking the integrated reporting framework (IReF) project to integrate statistical requirements for banks into a standardized reporting framework that would be applicable across the euro area and adopted by authorities in other EU member states.
The European Banking Authority (EBA) has been awarded the top European Standard for its environmental performance under the European Eco-Management and Audit Scheme (EMAS).
The Monetary Authority of Singapore (MAS) set out the Financial Services Industry Transformation Map 2025 and, in collaboration with the SGX Group, launched ESGenome.
The Basel Committee on Banking Supervision met, shortly after a gathering of the Group of Central Bank Governors and Heads of Supervision (GHOS), the oversight body of BCBS.