AMF Publishes Guideline on ICT Risk Management
AMF published the guideline on information and communications technology (ICT) risk management. The guideline takes into account developments in ICT risk management and reflects observations made by AMF in the course of its supervisory activities in relation to the financial institutions concerned. The effective date of this guideline is February 27, 2020. With respect to the legal obligation imposed on the institutions to follow sound and prudent management practices, AMF expects each institution to adopt the principles of this guideline by developing strategies, policies, and procedures commensurate with its nature, scale, complexity, and risk profile.
The guideline is intended for authorized insurers, federations of mutual companies, financial services cooperatives, and legal persons belonging to a cooperative group, authorized trust companies, savings companies, and certain other deposit institutions. It describes the expectations of AMF with respect to ICT risk. The ultimate goal of these expectations is to strengthen the financial sector’s resilience in response to the risk of data being lost, leaked, stolen, corrupted, or accessed without authorization. These expectations are intended to ensure the development of appropriate security hygiene through the implementation of measures that will help prevent a major incident and limit its impact.
Each institution is responsible for clearly understanding all its ICT risks and ensuring that they are appropriately considered in light of the institution’s nature, size, complexity, and risk profile. AMF is also responsible for staying current on the best practices in ICT risk management and adopting them to the extent that they meet its needs. The standards or policies adopted by a federation with respect to financial services cooperatives and mutual insurance associations that are members of the federation should be consistent, if not convergent, with the principles of sound and prudent management set down in legislation and clarified in this guideline.
Effective Date: February 27, 2020
Keywords: Americas, Canada, Banking, Insurance, Guideline, ICT, Cyber Risk, Data Protection, AMF
Previous Article
PRA Updates Release Note for BoE Banking Taxonomy Version 3.3.0Related Articles
HKMA on Fintech Adoption and Innovation by Banks in Hong Kong
HKMA announced the publication of a report on fintech adoption and innovation in the banking industry in Hong Kong.
BIS on Impact of Increasing Use of Cloud Technology on Cyber Risk
BIS published a working paper that examines the drivers of cyber risk, especially in context of the cloud services.
ECB Consults on Guide for Managing Climate and Environmental Risks
ECB launched consultation on a guide specifying how the Banking Supervision expects banks to consider climate-related and environmental risks in their governance and risk management frameworks and when formulating and implementing their business strategy.
ECB Issues Opinion on Revisions to CRR in Response to COVID Crisis
ECB published an opinion (CON/2020/16) on amendments to the prudential framework in EU in response to the COVID-19 pandemic.
EBA Assesses Interlinkages Between Recovery and Resolution Planning
EBA published a report that examines the interlinkages between recovery and resolution planning under the Bank Recovery and Resolution Directive (BRRD).
SRB Publishes Final MREL Policy Under the Banking Package
SRB published the final Minimum Requirements for Own Funds and Eligible Liabilities (MREL) policy under the Banking Package.
US Agencies Amend Interim Final Rule on Transition Period for CECL
US Agencies (FDIC, FED, and OCC) published a final rule that makes technical changes to the March 31, 2020 interim final rule that provides a five-year transition period for the impact of the current expected credit loss (CECL) methodology on regulatory capital.
ECB Releases Results of March Survey on Credit Terms and Conditions
ECB published results of the March 2020 survey on credit terms and conditions in euro-denominated securities financing and over-the-counter (OTC) derivatives markets.
FINMA Adjusts Deadlines for COVID-19 Relief Measures for Banks
FINMA published guidance (06/2020) on extending or discontinuing various exemptions that were granted due to the COVID-19 crisis.
SRB Consults on Standardized Data Set for Bank Valuation in Resolution
SRB launched a consultation on the minimum data needed for valuation of a bank in resolution.
