Featured Product

    CBK Publishes Cybersecurity Framework for Banking Sector in Kuwait

    February 18, 2020

    CBK published the cybersecurity framework for banking sector in Kuwait. The framework defines three core principles that enhance the cybersecurity and resilience capabilities of banking sector: governance, risk management, and compliance; collaboration, and continual improvement. The framework is applicable to all regulated entities supervised by CBK. The framework is issued for the board of directors, senior management, information security professionals, information technology professionals, and others who are responsible for establishing, implementing, and ensuring the compliance of their entity with the framework.

    The strategic framework consists of the following integrated initiatives for banking sector in Kuwait:

    • The first initiative establishes a mechanism for the Information Security Working Group of the banking sector by defining the methodology, scope, and responsibilities of team members. An emphasis is placed on confidentiality, information and data privacy, and absence of conflicts of interest.
    • The second initiative lays down principles for dealing with cyber risks, which include defining governance requirements, risk management, compliance, crisis management, response and recovery, and collaboration and information-sharing. Additionally, it includes continuous improvements and developments in the field of cybersecurity.
    • The third initiative sets the baseline requirements of information security controls. This initiative is among the most important stages of the project, as it provides detailed security controls that all regulated entities must comply to. It covers governance, risk management, compliance, securing of infrastructure and operations, and dealing with third-party risks and protecting electronic payment systems. All banks must comply with all baseline control requirements set forth in the initiative, through the completion of inherit risk and cyber risk self-assessment, to prove their readiness to address cybersecurity risks
    • The strategic framework also develops a Cyber Crisis Management Strategy and Plan. It introduces a complete framework for managing cyber crisis. Moreover, the Strategy and Plan provides a holistic view of crisis management, including reports, as well as the prescribed response measures. Furthermore, this plan provides a matrix to measure the impact of potential risks.
    • Among the initiatives included in the framework is also the development of a mechanism for dealing with, reporting, and sharing of information between banks, in accordance with the highest international standards. 
    • The framework also introduces the development of a platform for cyber threat intelligence sharing.

     

    Related Links

    Keywords: Middle East and Africa, Kuwait, Banking, Cyber Risk, Governance, ESG, Cybersecurity Framework, Operational Risk, Third-party Arrangement, Cloud Computing, CBK

    Related Articles
    News

    EBA Publishes Regulatory Standards to Identify Shadow Banking Entities

    The European Banking Authority (EBA) published the final draft regulatory technical standards specifying the criteria to identify shadow banking entities for the purposes of reporting large exposures.

    May 23, 2022 WebPage Regulatory News
    News

    EU Agencies Update LCR Rule and Macro-Prudential Policy Recommendation

    The European Commission (EC) published the Delegated Regulation 2022/786 with regard to the liquidity coverage requirements for credit institutions under the Capital Requirements Regulation (CRR).

    May 23, 2022 WebPage Regulatory News
    News

    OSFI Discusses Benchmark Rate Transition, Sets Out Work Priorities

    The Office of the Superintendent of Financial Institutions (OSFI) published the strategic plan for 2022-2025 and the departmental plan for 2022-23.

    May 17, 2022 WebPage Regulatory News
    News

    EBA Proposes Standards to Support Secondary NPL Markets

    The European Banking Authority (EBA) is consulting, until August 31, 2022, on the draft implementing technical standards specifying requirements for the information that sellers of non-performing loans (NPLs) shall provide to prospective buyers.

    May 17, 2022 WebPage Regulatory News
    News

    EU Confirms Agreement on Rules on Cybersecurity and Banking Resolution

    The European Council and the Parliament reached an agreement on the revised Directive on security of network and information systems (NIS2 Directive).

    May 13, 2022 WebPage Regulatory News
    News

    EBA Issues Standards for Crowdfunding Service Providers Under ECSPR

    The European Banking Authority (EBA) published the final draft regulatory technical standards specifying information that crowdfunding service providers shall provide to investors on the calculation of credit scores and prices of crowdfunding offers.

    May 13, 2022 WebPage Regulatory News
    News

    EU to Amend Credit Risk Adjustment Rules; ESAs Submit Queries on SFDR

    The European Council published a draft Commission Delegated Regulation to amend the regulatory technical standards on specification of the calculation of specific and general credit risk adjustments.

    May 13, 2022 WebPage Regulatory News
    News

    EU Confirms Agreement on Rules on Cybersecurity and Banking Resolution

    The European Securities and Markets Authority (ESMA) published a paper that examines the systemic risk posed by increasing use of cloud services, along with the potential policy options to mitigate this risk.

    May 12, 2022 WebPage Regulatory News
    News

    MAS Amends Notice 635 and Issues Second Proposal on Green Taxonomy

    The Monetary Authority of Singapore (MAS) published amendments to Notice 635, which sets out requirements that a bank in Singapore has to comply with when granting an unsecured non-card credit facility to individuals.

    May 12, 2022 WebPage Regulatory News
    News

    EC Consults on PSD2 and Open Finance; EU Reaches Agreement on DORA

    The European Commission (EC) published a public consultation on the review of revised payment services directive (PSD2) and open finance.

    May 11, 2022 WebPage Regulatory News
    RESULTS 1 - 10 OF 8201