IAIS published a draft application paper on the supervision of insurer cybersecurity. The application paper provides further guidance to supervisors seeking to develop or enhance their approach to supervising the cyber risk, cybersecurity, and cyber resilience of insurers. Insurers are also invited to consider the application paper, to assist in developing and implementing good cybersecurity practices in their organizations. Comments on the proposal are due by August 13, 2018.
The application paper is generally principles-based and builds on frameworks and guidance from multiple sources, including the "G7 Fundamental Elements of Cyber Security for the Financial Sector"; the related "G7 Fundamental Elements for Effective Assessment of Cybersecurity for the Financial Sector"; and the CPMI-IOSCO guidance on cyber resilience for financial market infrastructures. The paper focuses on supervision of insurers’ cybersecurity. It does not cover cyber insurance products nor the use of cyber insurance in the reduction of residual risks. IAIS also published consultations on the revised ICPs 6 and 20 and it will hold a public background session on July 16, 2018 to discuss these revised ICPs.
Under IAIS procedures an application paper can provide additional material related to one or more Insurance Core Principles (ICPs) that help with practical application of ICPs, but an application paper is not binding and does not establish standards. Application papers can provide examples of good practices, in addition to advice and recommendations on how ICPs may be implemented.
Comment Due Date: August 13, 2018
Keywords: International, Insurance, Application Paper, Insurer Cybersecurity, Cyber Risk, IAIS
Previous ArticleRBNZ Issues In-Principle Decisions on Capital Requirements for Banks
ECB finalized the guide on assessment methodology for the internal model method for calculating exposure to counterparty credit risk (CCR) and the advanced method for own funds requirements for credit valuation adjustment (A-CVA) risk.
EBA published an Opinion addressed to EC to raise awareness about the opportunity to clarify certain issues related to the definition of credit institution in the upcoming review of the Capital Requirements Directive and Regulation (CRD and CRR).
APRA is consulting on updates to ARS 210.0, the reporting standard that sets out requirements for provision of information on liquidity and funding of an authorized deposit-taking institution.
FED released hypothetical scenarios for a second round of stress tests for banks.
PRA published updates in relation to the 2021 Supervisory Benchmarking Portfolio exercise.
FED adopted a proposal to extend for three years, with revision, the capital assessments and stress testing reports (FR Y-14A/Q/M; OMB No. 7100-0341).
HKMA revised the Supervisory Policy Manual module CR-G-14 on margin and other risk mitigation standards for non-centrally cleared over-the-counter (OTC) derivatives transactions.
EBA issued a revised list of validation rules with respect to the implementing technical standards on supervisory reporting.
EBA published its response to the call for advice of EC on ways to strengthen the EU legal framework on anti-money laundering and countering the financing of terrorism (AML/CFT).
NGFS published a paper on the overview of environmental risk analysis by financial institutions and an occasional paper on the case studies on environmental risk analysis methodologies.