CBK published the cybersecurity framework for banking sector in Kuwait. The framework defines three core principles that enhance the cybersecurity and resilience capabilities of banking sector: governance, risk management, and compliance; collaboration, and continual improvement. The framework is applicable to all regulated entities supervised by CBK. The framework is issued for the board of directors, senior management, information security professionals, information technology professionals, and others who are responsible for establishing, implementing, and ensuring the compliance of their entity with the framework.
The strategic framework consists of the following integrated initiatives for banking sector in Kuwait:
- The first initiative establishes a mechanism for the Information Security Working Group of the banking sector by defining the methodology, scope, and responsibilities of team members. An emphasis is placed on confidentiality, information and data privacy, and absence of conflicts of interest.
- The second initiative lays down principles for dealing with cyber risks, which include defining governance requirements, risk management, compliance, crisis management, response and recovery, and collaboration and information-sharing. Additionally, it includes continuous improvements and developments in the field of cybersecurity.
- The third initiative sets the baseline requirements of information security controls. This initiative is among the most important stages of the project, as it provides detailed security controls that all regulated entities must comply to. It covers governance, risk management, compliance, securing of infrastructure and operations, and dealing with third-party risks and protecting electronic payment systems. All banks must comply with all baseline control requirements set forth in the initiative, through the completion of inherit risk and cyber risk self-assessment, to prove their readiness to address cybersecurity risks
- The strategic framework also develops a Cyber Crisis Management Strategy and Plan. It introduces a complete framework for managing cyber crisis. Moreover, the Strategy and Plan provides a holistic view of crisis management, including reports, as well as the prescribed response measures. Furthermore, this plan provides a matrix to measure the impact of potential risks.
- Among the initiatives included in the framework is also the development of a mechanism for dealing with, reporting, and sharing of information between banks, in accordance with the highest international standards.
- The framework also introduces the development of a platform for cyber threat intelligence sharing.
Keywords: Middle East and Africa, Kuwait, Banking, Cyber Risk, Governance, ESG, Cybersecurity Framework, Operational Risk, Third-party Arrangement, Cloud Computing, CBK
PRA published the policy statement PS8/21, which contains the final supervisory statement SS3/21 on the PRA approach to supervision of the new and growing non-systemic banks in UK.
EBA published a report that sets out the final draft regulatory technical standards specifying the conditions according to which consolidation shall be carried out in line with Article 18 of the Capital Requirements Regulation (CRR).
EBA updated the list of other systemically important institutions (O-SIIs) in EU.
BCBS published two reports that discuss transmission channels of climate-related risks to the banking system and the measurement methodologies of climate-related financial risks.
UK Authorities (FCA and PRA) welcomed the findings of FSB peer review on the implementation of financial sector remuneration reforms in the UK.
PRA and FCA jointly issued a letter that highlights risks associated with the increasing volumes of deposits that are placed with banks and building societies via deposit aggregators and how to mitigate these risks.
MFSA announced that amendments to the Banking Act, Subsidiary Legislation, and Banking Rules will be issued in the coming months, to transpose the Capital Requirements Directive (CRD5) into the national regulatory framework.
EC finalized the Delegated Regulation 2021/598 that supplements the Capital Requirements Regulation (CRR or 575/2013) and lays out the regulatory technical standards for assigning risk-weights to specialized lending exposures.
OSFI launched a consultation to explore ways to enhance the OSFI assurance over capital, leverage, and liquidity returns for banks and insurers, given the increasing complexity arising from the evolving regulatory reporting framework due to IFRS 17 (Insurance Contracts) standard and Basel III reforms.
ECB published results of the benchmarking analysis of the recovery plan cycle for 2019.