The PRA published policy statement PS15/17 and supervisory statement SS4/17 on cyber insurance underwriting risk. PS15/17 provides feedback to responses to the consultation paper CP39/16, titled “Cyber insurance underwriting risk.” SS4/17 sets out the PRA’s final expectations regarding the prudent management of cyber underwriting risk. Both the statements are relevant to all UK non-life insurance and reinsurance firms and groups within the scope of Solvency II, including the Society of Lloyd’s and managing agents.
The SS4/17 expands on the PRA’s general approach as set out in its insurance approach document. By clearly and consistently explaining its expectations of firms in relation to the particular areas addressed, the PRA seeks to advance its statutory objectives of ensuring the safety and soundness of the firms it regulates and contributing to securing an appropriate degree of protection for policyholders. The PRA’s expectations are split into the three broad areas of non-affirmative cyber risk, cyber risk strategy and risk appetite, and cyber expertise. The PRA had received thirteen responses to CP39/16 and has amended the supervisory statement accordingly.
In this context, cyber insurance underwriting risk is defined as the set of prudential risks emanating from underwriting insurance contracts that are exposed to cyber-related losses resulting from malicious acts and non-malicious acts involving both tangible and intangible assets. Malicious could include cyber-attack and infection of an IT system with malicious code while the examples of non-malicious attacks are loss of data, accidental acts, or omissions. The PRA expects firms to be able to identify, quantify, and manage the risks emanating from cyber underwriting risk both in terms of affirmative and "silent" cover.
Keywords: Europe, PRA, United Kingdom, Insurance, Prudential Risk, Cyber Risk, Cyber Insurance
RBNZ published the financial stability report for May 2020. This review of the financial system in the country highlights that the economic disruption associated with COVID-19 will present challenges to the financial system.
Financial policymakers and international standard-setters met virtually with private-sector executives to discuss international policy responses to COVID-19 pandemic.
HKMA is consulting on revisions to the Supervisory Policy Manual module CR-G-14 on margin and other risk mitigation standards for non-centrally cleared over-the-counter (OTC) derivatives transactions.
EBA published thematic note presenting a preliminary assessment of the impact of COVID-19 outbreak on the banking sector in EU.
HKMA published a circular, addressed to authorized institutions, on the application of the Basel Committee guidance on certain COVID-related measures.
PRA provided further information on the application of regulatory capital and IFRS 9 requirements to payment holidays granted or extended to address the challenges arising from COVID-19 outbreak.
PRA published final policy (in PS13/20) setting out the approach and expectations for authorization and supervision of insurance special purpose vehicles (ISPVs or insurance SPVs).
BoE published version 2.0.1 of the Capital+ XBRL Utility, along with the related release notes.
HKMA announced the publication of a report on fintech adoption and innovation in the banking industry in Hong Kong.
BIS published a working paper that examines the drivers of cyber risk, especially in context of the cloud services.