FCA published a report on insights on the cyber resilience practices in the financial industry. The report presents examples of the cyber security practices that firms have shared with FCA. FCA hopes that these practices and experiences will help firms when considering where to prioritize their efforts in increasing cyber resilience.
Since 2017, FCA has brought together over 175 firms across different financial sectors to share information and ideas from their cyber experiences. FCA runs the Cyber Coordination Groups (CCGs) with industry to help improve cyber-security practices among members of the CCGs and their sectors. Over the last year, the groups have been discussing and sharing practices in the areas of Governance, Identification, Protection, Detection, Situational Awareness, Response and Recovery, and Testing. FCA has collated the examples shared by firms and set out those it considers to be beneficial for a wider audience under each of these themes:
- Putting good governance in place
- Identifying what needs to be protected
- Protecting assets appropriately
- Using good detection systems
- Being aware of emerging threats and issues
- Being ready to respond and recover
- Testing and refining defenses
The insights in this publication may be relevant for small and medium-size firms. However, FCA encourages all firms to consider whether these insights may be useful to them. FCA warns that this document should not be considered as FCA guidance, as it does not set out the FCA expectations about what systems and controls firms should have in place to comply with its regulatory requirements. However, many of the shared examples support existing guidance from the National Cyber Security Center.
Keywords: Europe, UK, Banking, Securities, Insurance, Cyber Resilience, Cyber Risk, Cyber Security, Regtech, FCA
HKMA is consulting on revisions to the Supervisory Policy Manual module CR-G-14 on margin and other risk mitigation standards for non-centrally cleared over-the-counter (OTC) derivatives transactions.
PRA provided further information on the application of regulatory capital and IFRS 9 requirements to payment holidays granted or extended to address the challenges arising from COVID-19 outbreak.
HKMA announced the publication of a report on fintech adoption and innovation in the banking industry in Hong Kong.
BIS published a working paper that examines the drivers of cyber risk, especially in context of the cloud services.
ECB launched consultation on a guide specifying how the Banking Supervision expects banks to consider climate-related and environmental risks in their governance and risk management frameworks and when formulating and implementing their business strategy.
ECB published an opinion (CON/2020/16) on amendments to the prudential framework in EU in response to the COVID-19 pandemic.
EBA published a report that examines the interlinkages between recovery and resolution planning under the Bank Recovery and Resolution Directive (BRRD).
SRB published the final Minimum Requirements for Own Funds and Eligible Liabilities (MREL) policy under the Banking Package.
US Agencies (FDIC, FED, and OCC) published a final rule that makes technical changes to the March 31, 2020 interim final rule that provides a five-year transition period for the impact of the current expected credit loss (CECL) methodology on regulatory capital.
ECB published results of the March 2020 survey on credit terms and conditions in euro-denominated securities financing and over-the-counter (OTC) derivatives markets.