Featured Product

    ESRB Presents Conceptual Model for Systemic Cyber Risk

    May 14, 2020

    ESRB is presenting a conceptual model for systemic cyber risk in the financial sector. One of the goals is to provide a structured approach that can be used to describe cyber incidents, from genesis to a potential systemic event. Building on this conceptual model, future work could be undertaken to study the efficacy of individual systemic mitigants; use quantitative or data-driven methods to more accurately express each phase of amplification; or further study the interaction and measurement of impact at institutional and aggregate-system levels.

    The model aims to demonstrate the link between the crystallization of cyber risk in a firm-specific context (portraying micro-prudential concerns) and the possible ramifications for the financial system (applying a macro-prudential focus). Another aim of the model is to identify system-wide vulnerabilities and the unique characteristics of cyber incidents that can act as amplifiers, thus propagating shocks through the financial system. The aim is also to support the use of historical or theoretical scenario-based analysis to demonstrate the viability of the model and suggest system-wide interventions that could act as systemic mitigants. Although the model is geared toward disruption arising from cyber incidents, it can also be used for any source of operational disruption (although some elements of the model may be less relevant).

    To deconstruct and describe the macro-financial implications of operational and cyber risks, the systemic cyber risk model is split into four distinct phases: context, shock, amplification, and systemic event. The context phase is useful for scenario design, but is not essential for assessing systemic vulnerabilities or relevant mitigants. It is possible to adopt a cause-agnostic approach, which ignores the circumstances of disruption and focuses solely on impact. From a micro-prudential perspective, it is important to maintain a dual focus on both idiosyncratic individual vulnerabilities and Common Individual Vulnerabilities. Measuring impact is challenging and remains primarily a judgment-based, qualitative approach. Although some quantitative indicators exist, they should be used to complement and inform impact assessments.

    With regard to policy considerations arising from the model, a systemic event arising from a cyber incident is conceivable. Cyber incidents resulting in near-systemic consequences have occurred, in circumstances that can be described as “severe, but plausible.” However, a truly systemic event would require an alignment of amplifiers and a lack of effective systemic mitigants that would be “extreme, but existential” in nature. A cyber incident that causes only operational-to-operational contagion may have system-wide impact. However, the current base of evidence suggests that a systemic event requires the confidence and/or financial contagion channels to be triggered. 

     

    Related Link: Conceptual Model for Systemic Risk (PDF)

    Keywords: Europe, EU, Banking, Cyber Risk, Systemic Risk, Operational Risk, Scenario-based Analysis, Historical Event Analysis, Basel, ESRB

    Featured Experts
    Related Articles
    News

    APRA Issues Interim Update to Policy Priorities for 2021 and Beyond

    In a letter addressed to the industry, the Australian Prudential Regulation Authority (APRA) set out an updated schedule of policy priorities for the banking, insurance, and superannuation industries.

    September 24, 2021 WebPage Regulatory News
    News

    EC Adopts Solvency II and Resolution Rules Package for Insurers

    The European Commission (EC) adopted a comprehensive review package of Solvency II rules in the European Union.

    September 22, 2021 WebPage Regulatory News
    News

    OCC Issues Booklets on Regulatory Reporting and Earnings

    The Office of the Comptroller of the Currency (OCC) issued Versions 1.0 of the "Earnings" and "Regulatory Reporting" booklets of the Comptroller's Handbook.

    September 22, 2021 WebPage Regulatory News
    News

    ECB Sets Out Results of Economy-Wide Climate Stress Tests

    The European Central Bank (ECB) published results of its economy-wide climate stress test, which aimed to assess the resilience of non-financial corporates and euro area banks to climate risks.

    September 22, 2021 WebPage Regulatory News
    News

    EBA Examines Implications of Increasing Use of Digital Platforms in EU

    The European Banking Authority (EBA) published a report on the use of digital platforms in the banking and payments sector in European Union.

    September 21, 2021 WebPage Regulatory News
    News

    HKMA Issues Updates on Policy Measures Intended to Ease COVID Impact

    The Hong Kong Monetary Authority (HKMA) published updates on the policy measures that were announced in context of the ongoing pandemic.

    September 21, 2021 WebPage Regulatory News
    News

    ISDA Responds to BCBS Proposal on Treatment of Cryptoasset Exposures

    The International Swaps and Derivatives Association (ISDA), along with several other associations, submitted a joint response to the Basel Committee on Banking Supervision (BCBS) consultation on preliminary proposals for the prudential treatment of cryptoasset exposures.

    September 21, 2021 WebPage Regulatory News
    News

    BIS Quarterly Review Discusses Developments in Fintech and ESG Space

    BIS published the September issue of the Quarterly Review, which contains special features that analyze the rapid rise in equity funding for financial technology firms, the effectiveness of policy measures in response to pandemic, and the evolution of international banking.

    September 20, 2021 WebPage Regulatory News
    News

    BCBS to Consult on Supervisory Practices for Climate Risks by Year-End

    The Basel Committee for Banking Supervision (BCBS) met in September 2021 and reviewed climate-related financial risks, discussed impact of digitalization, and welcomed efforts by the International Financial Reporting Standards (IFRS) Foundation to develop a common set of sustainability reporting standards

    September 20, 2021 WebPage Regulatory News
    News

    OCC Identifies Operational Risk Deficiencies in MUFG Union Bank

    The Office of the Comptroller of the Currency (OCC) issued a Cease and Desist Order against MUFG Union Bank for deficiencies in technology and operational risk governance.

    September 20, 2021 WebPage Regulatory News
    RESULTS 1 - 10 OF 7494