AMF Publishes Guideline on ICT Risk Management
AMF published the guideline on information and communications technology (ICT) risk management. The guideline takes into account developments in ICT risk management and reflects observations made by AMF in the course of its supervisory activities in relation to the financial institutions concerned. The effective date of this guideline is February 27, 2020. With respect to the legal obligation imposed on the institutions to follow sound and prudent management practices, AMF expects each institution to adopt the principles of this guideline by developing strategies, policies, and procedures commensurate with its nature, scale, complexity, and risk profile.
The guideline is intended for authorized insurers, federations of mutual companies, financial services cooperatives, and legal persons belonging to a cooperative group, authorized trust companies, savings companies, and certain other deposit institutions. It describes the expectations of AMF with respect to ICT risk. The ultimate goal of these expectations is to strengthen the financial sector’s resilience in response to the risk of data being lost, leaked, stolen, corrupted, or accessed without authorization. These expectations are intended to ensure the development of appropriate security hygiene through the implementation of measures that will help prevent a major incident and limit its impact.
Each institution is responsible for clearly understanding all its ICT risks and ensuring that they are appropriately considered in light of the institution’s nature, size, complexity, and risk profile. AMF is also responsible for staying current on the best practices in ICT risk management and adopting them to the extent that they meet its needs. The standards or policies adopted by a federation with respect to financial services cooperatives and mutual insurance associations that are members of the federation should be consistent, if not convergent, with the principles of sound and prudent management set down in legislation and clarified in this guideline.
Effective Date: February 27, 2020
Keywords: Americas, Canada, Banking, Insurance, Guideline, ICT, Cyber Risk, Data Protection, AMF
Previous Article
PRA Updates Release Note for BoE Banking Taxonomy Version 3.3.0Related Articles
EBA Updates Filing Rules for Supervisory Reporting
The European Banking Authority (EBA) published version 5.1 of the filing rules for supervisory reporting.
ECB Amends Guideline on Procedures for Collection of AnaCredit Data
The European Central Bank (ECB) Guideline 2021/1829 on the procedures for the collection of granular credit and credit risk data has been published in the Official Journal of European Union.
ECB Amends Guideline on Procedures for Collection of AnaCredit Data
The European Central Bank (ECB) Guideline 2021/1829 on the procedures for the collection of granular credit and credit risk data has been published in the Official Journal of European Union.
EBA Publishes Standards on Disclosure of Investment Policy Under IFR
The European Banking Authority (EBA) published the final draft regulatory technical standards on disclosure of investment policy by investment firms, under the Investment Firms Regulation (IFR).
APRA Finalizes Guidance for New Prudential Standard on Remuneration
The Australian Prudential Regulation Authority (APRA) published the prudential practice guide CPG 511 to assist banks, insurers, and superannuation licensees in meeting requirements of CPS 511, the new prudential standard on remuneration.
OCC Updated LIBOR Self-Assessment Tool for Banks
The Office of the Comptroller of the Currency (OCC) published a bulletin that provides an updated self-assessment tool for banks to evaluate their preparedness for cessation of the London Interbank Offered Rate (LIBOR).
TCFD Updates Guidance for Financial Disclosures on Climate Risk
The Financial Stability Board (FSB) published a report that examines the progress made toward disclosures aligned with recommendations of the Task Force on Climate-related Financial Disclosures (TCFD).
BCBS Report Examines Progress on Adoption of Basel III Framework
The Basel Committee on Banking Supervision (BCBS) published the progress report on adoption of the Basel III regulatory framework in member jurisdictions.
ACPR Implements Updates Related to DPM Version 3.1
The French Prudential Supervisory Authority (ACPR) has implemented, in its information system, updates linked to the Data Point Model (DPM) version 3.1.
EBA Note Examines Transition Risks of Benchmark Rates
The European Banking Authority (EBA) published a thematic note that aims to identify and raise awareness of the transition risks of benchmark rates, as the London Interbank Offered Rate (LIBOR) and the Euro Overnight Index Average (EONIA) are close to being phased out.
