General Information & Client Services
  • Americas: +1.212.553.1653
  • Asia: +852.3551.3077
  • China: +86.10.6319.6580
  • EMEA: +44.20.7772.5454
  • Japan: +81.3.5408.4100
Media Relations
  • New York: +1.212.553.0376
  • London: +44.20.7772.5456
  • Hong Kong: +852.3758.1350
  • Tokyo: +813.5408.4110
  • Sydney: +61.2.9270.8141
  • Mexico City: +001.888.779.5833
  • Buenos Aires: +0800.666.3506
  • São Paulo: +0800.891.2518
March 09, 2018

Sabine Lautenschläger and Benoît Cœuré of ECB spoke about cyber resilience at the first meeting of the Euro Cyber Resilience Board for pan-European Financial Infrastructures in Frankfurt. Ms. Lautenschläger highlights that “ECB Banking Supervision takes cyber resilience very seriously” and discussed the ECB progress so far, along with its plans for the future. Mr. Cœuré also discussed the future course of the high-level cyber resilience forum for pan-European financial market infrastructures, critical service providers, and competent authorities.

With respect to the work done so far, Ms. Lautenschläger highlighted that ECB has conducted thematic reviews on cyber risk and outsourcing, a stocktake on how IT risks are supervised outside the euro area, and quite a few on-site inspections into IT and cyber risks, using state-of-the-art methods. ECB has also set up a reporting framework for cyber incidents. Drawing on the EBA guidelines, ECB has developed comprehensive IT risk self-assessments for the banks it supervises, including an extensive section on IT and cyber security. The results of these assessments will feed into the Supervisory Review and Evaluation Process, in which ECB will also challenge the information provided by banks. The review will give a better idea of the overall IT risk landscape in the banking industry and will help to identify blind spots early on and define areas for further investigation; this will eventually feed into the plans for 2019. In addition, the review will help to compare banks and partially anonymized feedback could then be shared with them. She concludes, “While cybercrime may have an aura of mystery and power, cyber resilience is quite the opposite: it calls for vigilance and diligence, day in, day out.”

Additionally, Benoît Cœuré of ECB said that, within the Eurosystem, there has been close collaboration on implementing the Eurosystem oversight cyber resilience strategy for financial market infrastructures, in line with CPMI-IOSCO’s guidance on this topic. He explained the goals and objectives of the Euro Cyber Resilience Board (ECRB) for pan-European Financial Infrastructures and highlighted that ECRB will have no formal powers to impose binding measures and will not make supervisory judgments. The ECRB will be chaired by ECB, which will be closely involved together with national central banks and observers from the relevant European public authorities. He also outlined the two recent activities of ECB:

  • First, a cyber resilience survey, developed under the Eurosystem oversight cyber resilience strategy, was conducted across more than 75 payment systems, central securities depositories, and central counterparties throughout Europe. The survey highlighted a number of very pertinent issues for discussion, such as cyber governance, training and awareness, and cyber incident response.
  • Second, the Eurosystem is finalizing the main elements of the European Threat Intelligence-Based Ethical Red-Teaming (TIBER-EU) Framework. This is an interesting concept that is expected to raise the level of cyber resilience in Europe and enable cross-border, cross-authority testing, which has not been done before.


Related Links

Keywords: Europe, EU, Banking, PMI, Cyber Risk, Banking Supervision, ECB

Related Insights

US Agencies Propose Rule on Appraisals for Real Estate Transactions

US Agencies (FDIC, FED, and OCC) proposed a rule to increase the threshold level at or below which appraisals would not be required for the residential real estate transactions from USD 250,000 to USD 400,000. Comments will be accepted for 60 days from publication in the Federal Register.

December 07, 2018 WebPage Regulatory News

EBA Single Rulebook Q&A: First Update for December 2018

This week one answer was published as part of the Single Rulebook Questions and Answers (Q&A).

December 07, 2018 WebPage Regulatory News

FED Updates Reporting Form and Instructions for FR Y-14Q

FED published the updated reporting form FR Y-14Q for Capital Assessment and Stress Testing, along with the associated instructions.

December 06, 2018 WebPage Regulatory News

PRA Finalizes Policy on Minor Amendments to Regulatory Reporting

PRA published the policy statement PS30/18, which contains the final policy following a consultation (CP16/18) on certain amendments to regulatory reporting.

December 05, 2018 WebPage Regulatory News

GM of BIS Examines Regulatory Implications of Big Tech in Finance

Agustín Carstens, the General Manager (GM) of BIS, during the keynote address at the FT Banking Summit in London, spoke about new challenges and policy implications of big tech in finance.

December 05, 2018 WebPage Regulatory News

ACPR Publishes Version 2.8.1 of the CRD IV Taxonomy

ACPR notified that version 2.8.1 of the Capital Requirements Directive (CRD) IV Data Point Model taxonomy and version 2.1.0 of the Anti-Money Laundering and Terrorist Financing (LCB-FT) taxonomy have been made available.

December 04, 2018 WebPage Regulatory News

European Council Endorses Package on CRD 5, CRR 2, BRRD 2, and SRMR 2

European Council endorsed the agreement achieved between the presidency and the Parliament on the key measures of a comprehensive legislative package aimed at reducing risks in the banking sector in EU.

December 04, 2018 WebPage Regulatory News

BCBS Report Examines Cyber Resilience Practices Across Jurisdictions

BCBS published a report that identifies, describes, and compares the range of observed bank, regulatory, and supervisory cyber-resilience practices across jurisdictions.

December 04, 2018 WebPage Regulatory News

EIOPA Publishes Q&A on Regulations and Guidelines

EIOPA published new sets of questions and answers (Q&A) on guidelines, implementing regulations, and delegated regulations applicable to insurers in Europe.

December 03, 2018 WebPage Regulatory News

ESMA Registers A.M. Best (EU) Rating Services as Credit Rating Agency

ESMA, the direct supervisor of credit rating agencies (CRAs) in EU, has registered A.M. Best (EU) Rating Services B.V. as a CRA under the CRA Regulation, with effect from December 03, 2018.

December 03, 2018 WebPage Regulatory News
RESULTS 1 - 10 OF 2310