General Information & Client Services
  • Americas: +1.212.553.1653
  • Asia: +852.3551.3077
  • China: +86.10.6319.6580
  • EMEA: +44.20.7772.5454
  • Japan: +81.3.5408.4100
Media Relations
  • New York: +1.212.553.0376
  • London: +44.20.7772.5456
  • Hong Kong: +852.3758.1350
  • Tokyo: +813.5408.4110
  • Sydney: +61.2.9270.8141
  • Mexico City: +001.888.779.5833
  • Buenos Aires: +0800.666.3506
  • São Paulo: +0800.891.2518
July 05, 2017

The PRA published policy statement PS15/17 and supervisory statement SS4/17 on cyber insurance underwriting risk. PS15/17 provides feedback to responses to the consultation paper CP39/16, titled “Cyber insurance underwriting risk.” SS4/17 sets out the PRA’s final expectations regarding the prudent management of cyber underwriting risk. Both the statements are relevant to all UK non-life insurance and reinsurance firms and groups within the scope of Solvency II, including the Society of Lloyd’s and managing agents.

The SS4/17 expands on the PRA’s general approach as set out in its insurance approach document. By clearly and consistently explaining its expectations of firms in relation to the particular areas addressed, the PRA seeks to advance its statutory objectives of ensuring the safety and soundness of the firms it regulates and contributing to securing an appropriate degree of protection for policyholders. The PRA’s expectations are split into the three broad areas of non-affirmative cyber risk, cyber risk strategy and risk appetite, and cyber expertise. The PRA had received thirteen responses to CP39/16 and has amended the supervisory statement accordingly.

 

In this context, cyber insurance underwriting risk is defined as the set of prudential risks emanating from underwriting insurance contracts that are exposed to cyber-related losses resulting from malicious acts and non-malicious acts involving both tangible and intangible assets. Malicious could include cyber-attack and infection of an IT system with malicious code while the examples of non-malicious attacks are loss of data, accidental acts, or omissions. The PRA expects firms to be able to identify, quantify, and manage the risks emanating from cyber underwriting risk both in terms of affirmative and "silent" cover.


Related Links

PS15/17 (PDF)

SS4/17 (PDF)

CP39/16 (PDF)

Keywords: Europe, PRA, United Kingdom, Insurance, Prudential Risk, Cyber Risk, Cyber Insurance

Related Insights
News

CBB Proposes and Finalizes Rulebook Modules for Banks in November 2018

CBB announced the issuance of new leverage ratio requirements under Module CA (Part 3) for Islamic (Chapter CA-10) and conventional bank licensees (Chapter CA-15).

November 15, 2018 WebPage Regulatory News
News

IAIS Publishes Drafts of Revised ICP 8, ICP 15, ICP 16, and ICP 20

IAIS published the drafts of revised Insurance Core Principles on Public Disclosure (ICP 20), Investments (ICP 15), Enterprise Risk Management for Solvency Purposes (ICP 16), and Risk Management and Internal Controls (ICP 8), along with a revised draft of the glossary on enterprise risk management (ERM).

November 14, 2018 WebPage Regulatory News
News

MAS Amends Notice 637 on Capital Adequacy Requirements in Singapore

MAS published the final, revised Notice 637 on the risk-based capital adequacy requirements in Singapore.

November 13, 2018 WebPage Regulatory News
News

ESMA Updates Q&A on Implementation of CSD Regulation and MAR

ESMA updated questions and answers (Q&A) documents on the implementation of the Central Securities Depository (CSD) Regulation and Market Abuse Regulation (MAR).

November 12, 2018 WebPage Regulatory News
News

FSB Finalizes and Publishes the Cyber Lexicon

FSB published a cyber lexicon, following the public consultation earlier this year.

November 12, 2018 WebPage Regulatory News
News

SRB Updates Liability Data Reporting Template for 2019

SRB published version 2.7.1 of the Liability Data Reporting (LDR) Template.

November 12, 2018 WebPage Regulatory News
News

ECB to Conduct Comprehensive Assessment of Six Bulgarian Banks

ECB will undertake a comprehensive assessment of six Bulgarian banks. The exercise, comprising an asset quality review and a stress test, follows Bulgaria’s submission of a request to establish close cooperation with ECB on July 18, 2018.

November 12, 2018 WebPage Regulatory News
News

IMF Publishes Reports on the 2018 Article IV Consultation with Chile

IMF published its staff report and selected issues report under the 2018 Article IV consultation with Chile.

November 09, 2018 WebPage Regulatory News
News

PRA Issues PS27/18 on Implementing the Extension of SM&CR to Insurers

PRA published the policy statement PS27/18, which provides feedback to responses to the consultation paper CP20/18, on implementing the extension of the Senior Managers and Certification Regime (SM&CR) to insurers (Part 2).

November 09, 2018 WebPage Regulatory News
News

EBA Single Rulebook Q&A: First Update for November 2018

EBA published answers to seven questions under the Single Rulebook question and answer (Q&A) updates for this week.

November 09, 2018 WebPage Regulatory News
RESULTS 1 - 10 OF 2207