IOSCO published a final report that examines the application of the three internationally recognized cyber standards and frameworks by IOSCO member jurisdictions. This report, by the IOSCO Cyber Task Force, also identifies potential gaps in the application of these standards and seeks to promote sound cyber practices across the IOSCO membership.
The three cyber standards are the CPMI-IOSCO Guidance on Cyber Resilience for Financial Market Infrastructures; the National Institute of Standards and Technology Framework for improving Critical Infrastructure Cybersecurity; and the International Organization for Standardization 27000 series standards. The report does not propose new cyber standards or guidance. By highlighting the application of the Core Standards by some IOSCO members, the Cyber Task Force hopes more members will review their own cyber standards against the practices of the Core Standards and, where relevant, use the Core Standards as a model to further enhance their cyber regimes. Finally, the report sets out a series of questions that firms and regulators may use to promote awareness of cyber good practices or to guide them as they review their own practices.
The report finds that IOSCO members have made good progress in establishing appropriate cyber regimes, though there is still work to be done in key areas. The Cyber Task Force recommends that further work be considered to explore this report’s findings. It is recommended that the Cyber Task Force should consider exploring the use of sector-wide organizational surveys as part of the next phase of its work to gain a better understanding of where the gaps lie. The report is intended to serve as a resource for financial market regulators and firms, raise awareness of existing international cyber standards and frameworks, and encourage the adoption of good practices to protect against cyber risk.
Keywords: International, Banking, Insurance, Securities, PMI, Cyber Risk, Cyber Task Force, Cyber Security, Operational Risk, IOSCO
Previous ArticleEC Publishes Guidelines on Climate-Related Information Reporting
EBA issued a revised list of validation rules with respect to the implementing technical standards on supervisory reporting.
EBA published its response to the call for advice of EC on ways to strengthen the EU legal framework on anti-money laundering and countering the financing of terrorism (AML/CFT).
NGFS published a paper on the overview of environmental risk analysis by financial institutions and an occasional paper on the case studies on environmental risk analysis methodologies.
MAS published the guidelines on individual accountability and conduct at financial institutions.
APRA published final versions of the prudential standard APS 220 on credit quality and the reporting standard ARS 923.2 on repayment deferrals.
SRB published two articles, with one article discussing the framework in place to safeguard financial stability amid crisis and the other article outlining the path to a harmonized and predictable liquidation regime.
FSB hosted a virtual workshop as part of the consultation process for its evaluation of the too-big-to-fail reforms.
ECB updated the list of supervised entities in EU, with the number of significant supervised entities being 115.
OSFI published the key findings of a study on third-party risk management.
FSB is extending the implementation timeline, by one year, for the minimum haircut standards for non-centrally cleared securities financing transactions or SFTs.