Featured Product

    EIOPA Finalizes Guidelines on ICT Security and Governance

    October 12, 2020

    EIOPA finalized the guidelines on information and communication technology (ICT) security and governance for the insurance sector. The guidelines address how rules on operational risks set forth in the Solvency II Directive and in the Delegated Regulation 2015/35 are applied to the ICT security and governance. EIOPA consulted on the draft guidelines between December 2019 and March 2020 and has also published its response to the key issues raised in the feedback. The guidelines are intended for both market participants and the national supervisory authorities, which are expected to apply these guidelines from July 01, 2021.

    The objective of the guidelines is to promote the increase of the operational resilience of the digital operations of insurance and reinsurance undertakings against the risks they face. Operational resilience is key to protecting the digital assets (including their systems and data) of insurance and reinsurance undertakings. The guidelines provide clarification and transparency to market participants on the minimum expected information and cyber-security capabilities and help to avoid potential regulatory arbitrage. These guidelines are also intended to foster supervisory convergence regarding the expectations and processes applicable in relation to ICT security and governance as a key to proper ICT and security risk management.

    Competent authorities should, when complying or supervising compliance with these guidelines, take into account the principle of proportionality. This principle should should ensure that governance arrangements, including those related to ICT security and governance are proportionate to the nature, scale, and complexity of the corresponding risks undertakings face or may face. The guidelines should be read in conjunction with the Solvency II Directive, the Delegated Regulation 2015/35, the EIOPA guidelines on system of governance, and the EIOPA guidelines on outsourcing to cloud service providers. 


    Related Links

    Effective Date: July 01, 2021 (expected)

    Keywords: Europe, EU, Insurance, Governance, Operational Risk, Solvency II, Cloud Service Providers, ICT Risk, EIOPA

    Featured Experts
    Related Articles
    News

    HKMA Finalizes Policy Modules on Group-Wide Approach and Remuneration

    The Hong Kong Monetary Authority (HKMA) revised the Supervisory Policy Manual module CG-5 that sets out guidelines on a sound remuneration system for authorized institutions.

    July 29, 2021 WebPage Regulatory News
    News

    EBA Guide to Monitor Threshold for Intermediate Parent Undertakings

    The European Banking Authority (EBA) published the final guidelines on the monitoring of the threshold and other procedural aspects on the establishment of intermediate parent undertakings in European Union (EU), as laid down in the Capital Requirements Directive (CRD).

    July 28, 2021 WebPage Regulatory News
    News

    PRA Finalizes Approach to Supervision of International Banks

    In a recent Market Notice, the Bank of England (BoE) confirmed that green gilts will have equivalent eligibility to existing gilts in its market operations.

    July 26, 2021 WebPage Regulatory News
    News

    FCA Issues PS21/9 on Implementation of Investment Firms Regime

    The Financial Conduct Authority (FCA) published the policy statement PS21/9 on implementation of the Investment Firms Prudential Regime.

    July 26, 2021 WebPage Regulatory News
    News

    EBA Proposes Regulatory Standards to Identify Shadow Banking Entities

    The European Banking Authority (EBA) proposed regulatory technical standards that set out criteria for identifying shadow banking entities for the purpose of reporting large exposures.

    July 26, 2021 WebPage Regulatory News
    News

    IOSCO Proposes Recommendations on ESG Ratings and Data Providers

    The Board of the International Organization of Securities Commissions (IOSCO) proposed a set of recommendations on the environmental, social, and governance (ESG) ratings and data providers.

    July 26, 2021 WebPage Regulatory News
    News

    ESMA Group Issues Recommendations on RFR Switch in Interdealer Market

    The European Securities and Markets Authority (ESMA) published recommendations from the Working Group on Euro Risk-Free Rates (RFR) on the switch to risk-free rates in the interdealer market.

    July 26, 2021 WebPage Regulatory News
    News

    ECB Study Assesses Impact of Basel III Finalization Package

    The European Central Bank (ECB) published a paper as well as an article in the July Macroprudential Bulletin, both of which offer insights on the assessment of the impact of Basel III finalization package on the euro area.

    July 26, 2021 WebPage Regulatory News
    News

    ISDA Finds FRTB Results in Higher Capital Charges for Carbon Trading

    The International Swaps and Derivatives Association (ISDA) published a paper that explores the impact of the Fundamental Review of the Trading Book (FRTB) on the trading of carbon certificates.

    July 26, 2021 WebPage Regulatory News
    News

    PRA Updates Remuneration Policy Statement Templates and Tables

    The Prudential Regulation Authority (PRA) published the remuneration policy self-assessment templates and tables on strengthening accountability.

    July 26, 2021 WebPage Regulatory News
    RESULTS 1 - 10 OF 7307