    Nick Strange of BoE on Operational Resilience of UK Financial Sector

    May 14, 2019

    Nick Strange, the Director of Supervisory Risk Specialists at BoE, spoke at the 21st annual Operational Risk Europe Conference in London. He examined ways to improve the operational resilience of the UK financial sector and described the Financial Policy Committee’s (FPC) upcoming cyber stress testing pilot on payment systems. He discussed how BoE works internationally to ensure consistency across regulatory boundaries, along with BoE's direct engagement with the financial sector to help firms build resilience.

    Mr. Strange highlighted that BoE will publish a consultation paper later this year, which will set out the proposed policies and explain the approach to supervising operational resilience. Aligning the supervisory approach toward continuity of services necessitates a review of that approach. However, where possible, BoE will build on existing policies and rules, placing them within a clear and consistent framework. Key elements of the existing supervisory approach, such as reviewing the effectiveness of firms’ governance and risk management functions, will continue to be important components in assessing firms’ operational resilience capability.

    Mr. Strange mentioned that the role of FPC is to identify, monitor, and take action to remove or reduce systemic risks to protect and enhance the resilience of the UK financial system. Cyber risk is one of the key risks it is focused on. FPC has indicated that it will establish a tolerance for the amount of disruption to the delivery of vital services. Where BoE will expect firms to test their own impact tolerances, FPC will ask firms to test its tolerances too, in severe but plausible scenarios. This is referred to as cyber stress testing. By testing firms’ ability to contain any disruption to business services in severe but plausible scenarios to a predefined tolerance level, a suitable degree of proportionality will be injected. He highlighted that BoE will build on its experience with financial (concurrent) stress testing to pilot cyber stress testing.

    • Specifically, later this year, BoE will test an impact tolerance for payments in a hypothetical scenario where firms’ IT systems supporting their payments function become unavailable.
    • BoE will be working with a small number of firms to "test the test" and gather initial information on whether an end-of-value date tolerance for this vital service would be appropriate from a financial stability point of view.
    • FPC also indicated that in future it may consider a data integrity scenario.

    In recent times, the G-7 Cyber Expert Group, which represents 23 financial authorities, has issued four "Fundamental Elements" publications. The document on threat-led penetration testing may be of particular interest. As more jurisdictions and more sectors develop threat-led penetration testing, concerns have started to arise over the potential risk of duplication and slight differences in approaches. The next step for the Cyber Expert Group is to establish a collective view of vulnerabilities, which it can then use to prioritize its future work stack. The Cyber Expert Group also provides a forum for G-7 authorities to develop their collective operational capabilities. In just a couple of weeks, the Group will be facilitating a cross-border simulation exercise to explore how authorities would communicate and coordinate in the face of a significant cyber incident. The Group will also examine the consequences of a resulting multi-day disruption at a large international bank that may be financially viable, but operationally disabled.

    He highlighted that BoE engages with the financial sector in ways other than consultations. First, together with UK Finance, BoE co-chairs the Cross Market Operational Resilience Group (CMORG). The job of CMORG is to promote work that strengthens the resilience of the financial sector and its ability to respond to operational incidents. The second initiative he highlighted relates to industry coordination in the event of a serious cyber event. Following a successful fact-finding mission (nicknamed project Strider), the finance industry has come together to initiate the Financial Sector Cyber Collaboration Center.


    Related Link: Speech

     

    Keywords: Europe, UK, Banking, Insurance, Securities, Operational Resilience, Stress Testing, Cyber Risk, Supervisory Approach, Threat-Led Penetration Testing, FCA, BoE
