CBK Publishes Cybersecurity Framework for Banking Sector in Kuwait
CBK published the cybersecurity framework for banking sector in Kuwait. The framework defines three core principles that enhance the cybersecurity and resilience capabilities of banking sector: governance, risk management, and compliance; collaboration, and continual improvement. The framework is applicable to all regulated entities supervised by CBK. The framework is issued for the board of directors, senior management, information security professionals, information technology professionals, and others who are responsible for establishing, implementing, and ensuring the compliance of their entity with the framework.
The strategic framework consists of the following integrated initiatives for banking sector in Kuwait:
- The first initiative establishes a mechanism for the Information Security Working Group of the banking sector by defining the methodology, scope, and responsibilities of team members. An emphasis is placed on confidentiality, information and data privacy, and absence of conflicts of interest.
- The second initiative lays down principles for dealing with cyber risks, which include defining governance requirements, risk management, compliance, crisis management, response and recovery, and collaboration and information-sharing. Additionally, it includes continuous improvements and developments in the field of cybersecurity.
- The third initiative sets the baseline requirements of information security controls. This initiative is among the most important stages of the project, as it provides detailed security controls that all regulated entities must comply to. It covers governance, risk management, compliance, securing of infrastructure and operations, and dealing with third-party risks and protecting electronic payment systems. All banks must comply with all baseline control requirements set forth in the initiative, through the completion of inherit risk and cyber risk self-assessment, to prove their readiness to address cybersecurity risks
- The strategic framework also develops a Cyber Crisis Management Strategy and Plan. It introduces a complete framework for managing cyber crisis. Moreover, the Strategy and Plan provides a holistic view of crisis management, including reports, as well as the prescribed response measures. Furthermore, this plan provides a matrix to measure the impact of potential risks.
- Among the initiatives included in the framework is also the development of a mechanism for dealing with, reporting, and sharing of information between banks, in accordance with the highest international standards.
- The framework also introduces the development of a platform for cyber threat intelligence sharing.
Related Links
Keywords: Middle East and Africa, Kuwait, Banking, Cyber Risk, Governance, ESG, Cybersecurity Framework, Operational Risk, Third-party Arrangement, Cloud Computing, CBK
Related Articles
BIS Paper Studies Impact of Fintech Lending on Small Businesses in US
The Bank for International Settlements (BIS) published a paper that studies impact of fintech lending on credit access for small businesses in U.S.
UK Regulators Issue CRR Changes and Stress Test Scenarios for Banks
The Prudential Regulation Authority (PRA) issued the policy statement PS8/22 to amend the Own Funds and Eligible Liabilities (CRR) Part of the PRA Rulebook and update the supervisory statement SS7/13 titled "Definition of capital (CRR firms).
EBA Launches EU-Wide Transparency Exercise in 2022
The European Banking Authority (EBA) launched the EU-wide transparency exercise for 2022, with results of the exercise expected to be published at the beginning of December, along with the annual Risk Assessment Report.
SRB on CRR Quick-Fix to Policy for Multiple Point of Entry Banks
The Single Resolution Board (SRB) welcomed the adoption of the review of the Capital Requirements Regulation, or CRR, also known as the "CRR quick-fix."
EC Rule Lists Advanced Economies for Market Risk Capital Calculations
The European Commission (EC) recently adopted the Delegated Regulation 2022/1622, which sets out the regulatory technical standards to specify the countries that constitute advanced economies for the purpose of specifying risk-weights for the sensitivities to equity.
EBA Publishes Final Regulatory Standards on STS Securitizations
The European Banking Authority (EBA) published the final draft regulatory technical standards specifying and, where relevant, calibrating the minimum performance-related triggers for simple.
ECB Further Reviews Costs and Benefits Associated with IReF
The European Central Bank (ECB) is undertaking the integrated reporting framework (IReF) project to integrate statistical requirements for banks into a standardized reporting framework that would be applicable across the euro area and adopted by authorities in other EU member states.
EBA Publishes Funding Plans Report, Receives EMAS Certification
The European Banking Authority (EBA) has been awarded the top European Standard for its environmental performance under the European Eco-Management and Audit Scheme (EMAS).
MAS Launches SaaS Solution to Simplify Listed Entity ESG Disclosures
The Monetary Authority of Singapore (MAS) set out the Financial Services Industry Transformation Map 2025 and, in collaboration with the SGX Group, launched ESGenome.
BCBS to Finalize Crypto Rules by End-2022; US to Propose Basel 3 Rules
The Basel Committee on Banking Supervision met, shortly after a gathering of the Group of Central Bank Governors and Heads of Supervision (GHOS), the oversight body of BCBS.
