The Central Bank of Bahrain (CBB) is amending requirements under the operational risk management module (Module OM) of Volumes 1 and 2 of the CBB Rulebook for conventional banks and Islamic banks, respectively.
These amendments, which relate to requirements on reporting cyber-security incidents, became effective immediately on publication. The updated requirements specify that on occurrence or detection of any cyber-security incident, whether internal or external, that compromises customer information or disrupts critical services that affect operations, conventional and Islamic bank licensees must contact CBB immediately (within one hour) and submit Section A of the Cyber Security Incident Report (Appendix OM-1) to CBB within two hours. Following the submission of Section A of the Report, the licensee must submit to CBB Section B of the Cyber Security Incident Report (Appendix OM-1) within 10 calendar days of the occurrence of the cyber security incident. Licensees must include all relevant details in the report, including the full root cause analysis of the cyber security incident, its impact on the business operations and customers, and all measures taken by the licensee to stop the attack, mitigate its impact, and ensure that similar events do not recur. In addition, a weekly progress update must be submitted to CBB until the incident is fully resolved.
- Notification on Amended Requirements for Conventional Banks
- Module OM for Conventional Banks (PDF)
- Notification on Amended Requirements for Islamic Banks
- Module OM for Islamic Banks (PDF)
Keywords: Middle East and Africa, Bahrain, Banking, Basel, Regtech, Cyber Security, Incident Reporting, Cyber Risk, CBB Rulebook, Islamic Banking, Operational Risk, Module OM, CBB
Next ArticleECB Issues Opinion on Proposed Amendments to CRR
The European Banking Authority (EBA) published the final draft regulatory technical standards specifying and, where relevant, calibrating the minimum performance-related triggers for simple.
The European Central Bank (ECB) is undertaking the integrated reporting framework (IReF) project to integrate statistical requirements for banks into a standardized reporting framework that would be applicable across the euro area and adopted by authorities in other EU member states.
The European Banking Authority (EBA) has been awarded the top European Standard for its environmental performance under the European Eco-Management and Audit Scheme (EMAS).
The Monetary Authority of Singapore (MAS) set out the Financial Services Industry Transformation Map 2025 and, in collaboration with the SGX Group, launched ESGenome.
The Basel Committee on Banking Supervision met, shortly after a gathering of the Group of Central Bank Governors and Heads of Supervision (GHOS), the oversight body of BCBS.
The International Organization of Securities Commissions (IOSCO) welcomed the work of the international audit and assurance standard setters—the International Auditing and Assurance Standards Board (IAASB)
The Bank of England (BoE) published a Statistical Notice (2022/18), which informs that due to the Bank Holiday granted for Her Majesty Queen Elizabeth II’s State Funeral on Monday September 19, 2022.
The French Prudential Control and Resolution Authority (ACPR) announced that the European Banking Authority (EBA) has updated its filing rules and the implementation dates for certain modules of the EBA reporting framework 3.2.
The European Central Bank (ECB) published a paper that examines how credit rating agencies accepted by the Eurosystem, as part of the Eurosystem Credit Assessment Framework (ECAF)
The Australian Prudential Regulation Authority (APRA) announced reduction in the aggregate Committed Liquidity Facility (CLF) for authorized deposit-taking entities to ~USD 33 billion on September 01, 2022.