AMF Publishes Guideline on ICT Risk Management
AMF published the guideline on information and communications technology (ICT) risk management. The guideline takes into account developments in ICT risk management and reflects observations made by AMF in the course of its supervisory activities in relation to the financial institutions concerned. The effective date of this guideline is February 27, 2020. With respect to the legal obligation imposed on the institutions to follow sound and prudent management practices, AMF expects each institution to adopt the principles of this guideline by developing strategies, policies, and procedures commensurate with its nature, scale, complexity, and risk profile.
The guideline is intended for authorized insurers, federations of mutual companies, financial services cooperatives, and legal persons belonging to a cooperative group, authorized trust companies, savings companies, and certain other deposit institutions. It describes the expectations of AMF with respect to ICT risk. The ultimate goal of these expectations is to strengthen the financial sector’s resilience in response to the risk of data being lost, leaked, stolen, corrupted, or accessed without authorization. These expectations are intended to ensure the development of appropriate security hygiene through the implementation of measures that will help prevent a major incident and limit its impact.
Each institution is responsible for clearly understanding all its ICT risks and ensuring that they are appropriately considered in light of the institution’s nature, size, complexity, and risk profile. AMF is also responsible for staying current on the best practices in ICT risk management and adopting them to the extent that they meet its needs. The standards or policies adopted by a federation with respect to financial services cooperatives and mutual insurance associations that are members of the federation should be consistent, if not convergent, with the principles of sound and prudent management set down in legislation and clarified in this guideline.
Effective Date: February 27, 2020
Keywords: Americas, Canada, Banking, Insurance, Guideline, ICT, Cyber Risk, Data Protection, AMF
Previous Article
PRA Updates Release Note for BoE Banking Taxonomy Version 3.3.0Related Articles
EC Delegated Regulation on Specialized Lending Exposures Under CRR
EC finalized the Delegated Regulation 2021/598 that supplements the Capital Requirements Regulation (CRR or 575/2013) and lays out the regulatory technical standards for assigning risk-weights to specialized lending exposures.
OSFI Consults on Minimum Qualifying Rate for Uninsured Mortgages
OSFI is proposing new minimum qualifying rate for uninsured mortgages under the Guideline B-20.
OSFI Issues Letter on ICAAP Submission and Internal Audit of BCAR
OSFI issued a letter to confirm that a formal Internal Capital Adequacy Assessment Process (ICAAP) submission is not required in 2021.
ECB Updates List of Supervised Entities in EU in April 2021
ECB updated the list of supervised entities in EU, with the number of significant supervised entities amounting to 115 as of the March 01, 2021 cut-off date.
ESMA Issues Notification Templates for STS Synthetic Securitizations
ESMA published the interim simple, transparent, and standardized (STS) notification templates for synthetic securitizations, post the recent amendments to the Securitization Regulation.
EC Agrees to Prolong Scheme to Support NPL Reduction at Greek Banks
EC has approved the prolongation of an existing Greek scheme aiming to support the reduction of nonperforming loans, or NPLs, of Greek banks on the basis that it remains free of any State aid.
EIOPA Study Examines Internal Model Market and Credit Risks Under SII
EIOPA published a report presenting the results of its yearly study on the internal modeling of market and credit risks under the Solvency II Directive, also known as SII.
EBA Issues Erratum for Phase 2 Package of Reporting Framework 3.0
EBA published an erratum for the technical package on phase 2 of the reporting framework 3.0.
EBA Updates Lists of Entities for Use in Capital Calculations under SA
EBA published an erratum for the technical package on phase 2 of the reporting framework 3.0.
FED Proposes to Automate Bank Stock Adjustment Using Call Report Data
FED published a proposal to automate non-merger-related adjustments to member banks' subscriptions to Federal Reserve Bank capital stock.
