Featured Product

    FSB Sets Out Effective Practices for Cyber Incident Recovery

    October 19, 2020

    FSB finalized the toolkit of effective practices to assist financial institutions in their cyber incident response and recovery activities. The toolkit includes 49 practices for effective cyber incident response and recovery across seven components, which are governance, planning and preparation, analysis, mitigation, restoration and recovery, coordination and communication, and improvement. The final toolkit was delivered to G20 Finance Ministers and Central Bank Governors for their October meeting. FSB also published an overview of responses received to the consultation on this toolkit. The overview explains the main issues raised in the public consultation, along with the changes made to the final toolkit to address these issues.

    The toolkit presents effective practices that organizations have adopted while taking into account jurisdictions’ legislative, judicial, and regulatory frameworks, the size of the organization, the role of the organization in the financial ecosystem, and the extent to which stakeholders are affected by a cyber incident. The toolkit is composed as a resource and reference guide for effective practices using common cyber-taxonomies in a manner aligned to industry standards accessible to senior management, board of directors, or other governance or compliance, risk, and legal professionals that interface with cybersecurity technical experts in the organization, the standard-setting bodies, or the authorities. While many of these effective practices are already in use by larger organizations, they could also be valuable for smaller and less complex organizations to help strengthen their cyber resilience. FSB points out that the COVID-19 pandemic highlighted the need for many organizations and authorities to consider adjustments to cyber risk management processes, cyber incident reporting, cyber incident response, and recovery activities as well as management of critical third-party service providers (for example, cloud services) and relevant stakeholders. Effective preparation and testing of incident response and recovery plans, particularly business continuity planning, facilitated organizations’ transition to remote work and operations. Furthermore, effective communication across the supply chain, including through intra-group entities and third-party service providers, is often highlighted as a key challenge.

    The draft toolkit of effective practices was published for public consultation in April 2020. In developing the consultative document, FSB conducted a stocktake of publicly released guidance from national authorities, international organizations and other external stakeholders; reviewed existing standards and case studies on past cyber incidents; and engaged with external stakeholders at workshops and bilateral meetings. FSB also drew on insights from national authorities based on their supervisory work. The public consultation period ended on July 20, 2020 and 58 responses were received from a wide range of external stakeholders, including banks, insurers, financial market intermediaries, industry associations, IT service providers, and public authorities. Drawing on the feedback from the public consultation, FSB further clarified the proportionate and risk-based nature of the toolkit to improve its usability. Second, the toolkit is better aligned with industry practices and international standards. 

     

    Related Links

    Keywords: International, Banking, Insurance, Securities, Cyber Risk, Governance, Cyber Incident, Responses and Recovery, Toolkit, Operational Risk, COVID-19, Cloud Computing, Third-Party Arrangements, FSB

    Related Articles
    News

    EC Regulation Sets Out Standards for Reporting and Disclosure of MREL

    EC published the Implementing Regulation 2021/763 that lays down implementing technical standards for supervisory reporting and public disclosure of the minimum requirement for own funds and eligible liabilities (MREL).

    May 12, 2021 WebPage Regulatory News
    News

    EBA Report Notes Loan Origination Should Remain in Supervisory Focus

    EBA published a report that examines the convergence of prudential supervisory practices in 2020 and offers conclusions of the EBA college monitoring activity.

    May 12, 2021 WebPage Regulatory News
    News

    APRA Decides to Standardize Submission Date for Quarterly Reporting

    APRA announced the standardization of quarterly reporting due dates for authorized deposit-taking institutions.

    May 11, 2021 WebPage Regulatory News
    News

    ECB Working Group Publishes Recommendations on EURIBOR Fallbacks

    The private sector working group of ECB on euro risk-free rates published the recommendations to address events that would trigger fallbacks in the Euro Interbank Offered Rate (EURIBOR)-related contracts, along with the €STR-based EURIBOR fallback rates (rates that could be used if a fallback is triggered).

    May 11, 2021 WebPage Regulatory News
    News

    Bundesbank Publishes Supporting Documentation for Reporting by Banks

    Bundesbank published a list of "EntryPoints" that are accepted in its reporting system; the list provides taxonomy version and name of the module against each EntryPoint.

    May 11, 2021 WebPage Regulatory News
    News

    EBA Publishes Phase 1 of Reporting Framework 3.1

    EBA published the phase 1 of its reporting framework 3.1, with the technical package covering the new reporting requirements for investment firms (under the implementing technical standards on investment firms reporting).

    May 10, 2021 WebPage Regulatory News
    News

    IOSCO Sees Support for Mandatory Sustainability Reporting

    The Sustainable Finance Taskforce of IOSCO held two roundtables, with global stakeholders, on the IOSCO priorities to enhance the reliability, comparability, and consistency of sustainability-related disclosures and to collect views on the practical implementation of a global system architecture for these disclosures.

    May 10, 2021 WebPage Regulatory News
    News

    APRA to Finalize Capital Adequacy Standard Revisions by January 2022

    Asia Pacific Australia Banking APS 111 Capital Adequacy Regulatory Capital Basel RBNZ APRA

    May 10, 2021 WebPage Regulatory News
    News

    ESMA Issues Guidelines on Outsourcing to Cloud Service Providers

    ESMA published the final guidelines on outsourcing to cloud service providers.

    May 10, 2021 WebPage Regulatory News
    News

    EBA Publishes Data on Deposit Guarantee Schemes

    EBA published annual data for two key concepts and indicators in the Deposit Guarantee Schemes (DGS) Directive—available financial means and covered deposits.

    May 10, 2021 WebPage Regulatory News
    RESULTS 1 - 10 OF 6967