Featured Product

    FSB Sets Out Effective Practices for Cyber Incident Recovery

    October 19, 2020

    FSB finalized the toolkit of effective practices to assist financial institutions in their cyber incident response and recovery activities. The toolkit includes 49 practices for effective cyber incident response and recovery across seven components, which are governance, planning and preparation, analysis, mitigation, restoration and recovery, coordination and communication, and improvement. The final toolkit was delivered to G20 Finance Ministers and Central Bank Governors for their October meeting. FSB also published an overview of responses received to the consultation on this toolkit. The overview explains the main issues raised in the public consultation, along with the changes made to the final toolkit to address these issues.

    The toolkit presents effective practices that organizations have adopted while taking into account jurisdictions’ legislative, judicial, and regulatory frameworks, the size of the organization, the role of the organization in the financial ecosystem, and the extent to which stakeholders are affected by a cyber incident. The toolkit is composed as a resource and reference guide for effective practices using common cyber-taxonomies in a manner aligned to industry standards accessible to senior management, board of directors, or other governance or compliance, risk, and legal professionals that interface with cybersecurity technical experts in the organization, the standard-setting bodies, or the authorities. While many of these effective practices are already in use by larger organizations, they could also be valuable for smaller and less complex organizations to help strengthen their cyber resilience. FSB points out that the COVID-19 pandemic highlighted the need for many organizations and authorities to consider adjustments to cyber risk management processes, cyber incident reporting, cyber incident response, and recovery activities as well as management of critical third-party service providers (for example, cloud services) and relevant stakeholders. Effective preparation and testing of incident response and recovery plans, particularly business continuity planning, facilitated organizations’ transition to remote work and operations. Furthermore, effective communication across the supply chain, including through intra-group entities and third-party service providers, is often highlighted as a key challenge.

    The draft toolkit of effective practices was published for public consultation in April 2020. In developing the consultative document, FSB conducted a stocktake of publicly released guidance from national authorities, international organizations and other external stakeholders; reviewed existing standards and case studies on past cyber incidents; and engaged with external stakeholders at workshops and bilateral meetings. FSB also drew on insights from national authorities based on their supervisory work. The public consultation period ended on July 20, 2020 and 58 responses were received from a wide range of external stakeholders, including banks, insurers, financial market intermediaries, industry associations, IT service providers, and public authorities. Drawing on the feedback from the public consultation, FSB further clarified the proportionate and risk-based nature of the toolkit to improve its usability. Second, the toolkit is better aligned with industry practices and international standards. 

     

    Related Links

    Keywords: International, Banking, Insurance, Securities, Cyber Risk, Governance, Cyber Incident, Responses and Recovery, Toolkit, Operational Risk, COVID-19, Cloud Computing, Third-Party Arrangements, FSB

    Related Articles
    News

    APRA Finalizes Guidance on Management of Climate Change Risks

    The Australian Prudential Regulation Authority (APRA) released the final Prudential Practice Guide on management of climate change financial risks (CPG 229) for banks, insurers, and superannuation trustees.

    November 26, 2021 WebPage Regulatory News
    News

    European Council Adopts Position on Digital Finance Package Proposals

    The European Council adopted its position on two proposals that are part of the digital finance package adopted by the European Commission in September 2020, with one of the proposals involving the regulation on markets in crypto-assets (MiCA) and the other involving the Digital Operational Resilience Act (DORA).

    November 25, 2021 WebPage Regulatory News
    News

    PRA Proposes Rulebook Changes; BoE Extends BEEDS Testing Window

    The Prudential Regulation Authority (PRA) is proposing, via the consultation paper CP21/21, to apply group provisions in the Operational Resilience Part of the PRA Rulebook (relevant for the Capital Requirements Regulation or CRR firms) to holding companies.

    November 25, 2021 WebPage Regulatory News
    News

    EC Proposes New Measures Under Capital Markets Union Package

    The European Commission (EC) has adopted a package of measures related to the Capital Markets Union.

    November 25, 2021 WebPage Regulatory News
    News

    EBA Publishes Standards to Calculate Risk-Weights of CIUs Under CRR

    The European Banking Authority (EBA) published the final report on draft regulatory technical standards for the calculation of risk-weighted exposure amounts of collective investment undertakings or CIUs, in line with the Capital Requirements Regulation (CRR).

    November 24, 2021 WebPage Regulatory News
    News

    FED Outlines Lending Conditions and Supervisory Activities in H1 2021

    The Board of Governors of the Federal Reserve System (FED) published a report that summarizes banking conditions in the United States, along with the supervisory and regulatory activities of FED.

    November 24, 2021 WebPage Regulatory News
    News

    APRA Expects Boards to Strengthen Ability to Oversee Cyber Resilience

    The Australian Prudential Regulation Authority (APRA) recently completed two pilot initiatives in its 2020-2024 Cyber Security Strategy, which was published in November 2020.

    November 23, 2021 WebPage Regulatory News
    News

    FSB Updates List of Global Systemically Important Banks

    The Basel Committee on Banking Supervision (BCBS) published further information related to its 2021 assessment of global systemically important banks (G-SIBs), with additional details to help understand the scoring methodology.

    November 23, 2021 WebPage Regulatory News
    News

    FASB Proposes Improvements to Credit Losses Standard

    The Financial Accounting Standards Board (FASB) is consulting on an Accounting Standards Update and the associated taxonomy improvements for requirements on troubled debt restructurings and vintage disclosures under the credit losses standard (for financial instruments) topic 326.

    November 23, 2021 WebPage Regulatory News
    News

    US Agencies Issue Statement on Crypto-Asset Policy Initiatives

    US Agencies issued a statement that summarizes the work undertaken during the interagency policy sprints focused on crypto-assets and provides a roadmap of future work related to crypto-assets.

    November 23, 2021 WebPage Regulatory News
    RESULTS 1 - 10 OF 7733