Featured Product

    IMF Paper Discusses Emerging Practices for Supervision of Cyber Risk

    September 24, 2019

    IMF published a paper that discusses the emerging supervisory practices that contribute to effective cyber-security risk supervision. This paper highlights emerging supervisory approaches with the intention of promoting good practices. The focus is on how these practices can be adopted by the agencies that are at an early stage of developing a supervisory approach to strengthen cyber resilience. The paper notes that regulatory requirements ensuring that good cyber-security risk management practices are in place are critical.

    The paper discusses the importance of addressing cyber risk and points out that financial sector supervisory authorities worldwide are working to establish and implement a framework for cyber risk supervision. Progress, however, is uneven, particularly for lower-income countries and lower-capacity supervisors, which face a number of challenges developing an effective regulatory and supervisory framework for cyber risk supervision. The goal of cyber-security risk supervision should be to influence, incentivize, and shape cyber-security capabilities of firms. Supervision activities to build resilience should include the following:

    • Identify the threat landscape
    • Map the cyber and financial network
    • Create coherent regulation
    • Conduct supervisory assessment
    • Establish formal information-sharing and reporting mechanisms
    • Provide adequate response and recovery
    • Ensure preparedness of supervisory agencies

    The experience from IMF technical assistance shows that establishing a framework for cyber-security risk supervision involves many challenges, with the dearth of specialist skills being one of the biggest challenges. Notwithstanding these, all supervisors can take action to build information-gathering and sharing systems, improve basic security practices, and identify and deploy resources toward key assets and carry out basic cyber exercises. The report highlights that the transfer of knowledge across the community of supervisors, especially lower-income and lower-capacity supervisors, will help raise resilience globally. Regulations should leverage established approaches, including those developed by industry, which will help with a convergence of standards. Although all firms face cyber-security risk, smaller- and lower-capacity firms should focus on strengthening cyber hygiene while the largest and most globally connected firms and key system nodes should be subject to heightened standards.

    The report notes that authorities should work together to promote a more consistent and coordinated approach that promotes consistency and convergence. A strong regulatory and supervisory framework should allow supervisors to substantially improve the resilience of financial sector to cyber attack. Whether the regulatory framework is based on principles or rules, the framework must grant supervisors sufficient authority to address cyber-security risk and allow supervisors to be sufficiently adaptive to the dynamics of the risk. 

     

    Related Link: Report on Cyber Risk Supervision

     

    Keywords: International, Banking, Insurance, Securities, Cyber Risk, Cyber Resilience Framework, Supervisory Practices, Operational Risk, IMF

    Related Articles
    News

    US Agencies Requests Comments on Use and Impact of CAMELS Ratings

    US Agencies (FDIC and FED) are seeking information and comments from interested parties regarding the consistency of ratings assigned by the agencies under the Uniform Financial Institutions Rating System (UFIRS).

    October 18, 2019 WebPage Regulatory News
    News

    BoE Announces Date for Publication of Stress Test Results for Banks

    BoE announced its plans to publish results of the full UK annual stress tests on December 10, 2019.

    October 18, 2019 WebPage Regulatory News
    News

    PRA Consults on Approach to Supervising Liquidity and Funding Risks

    In consultation paper (CP27/19), PRA published a proposal (CP27/19) to update the supervisory statement SS24/15 on the PRA approach to supervising liquidity and funding risk.

    October 17, 2019 WebPage Regulatory News
    News

    US Agencies Consult on Policy Statement on Allowance for Credit Losses

    US Agencies (FDIC, FED, NCUA, and OCC) are consulting on the policy statement on allowances for credit losses and on the guidance on credit risk review systems.

    October 17, 2019 WebPage Regulatory News
    News

    FSI Paper Examines Use of Suptech Initiatives by Financial Authorities

    The Financial Stability Institute (FSI) of BIS published a paper that examines the suptech developments by analyzing suptech initiatives of 39 financial authorities globally.

    October 17, 2019 WebPage Regulatory News
    News

    ECB Publishes Recommendations on Euro Risk-Free Rates Transition

    ECB published a report, by private sector working group on euro risk-free rates, which contains recommendations, from a risk management perspective, on the transition to new risk-free rates.

    October 17, 2019 WebPage Regulatory News
    News

    US Agencies Publish Notice to Extend Form FFIEC 102 for Three Years

    US Agencies (FDIC, FED, and OCC) published a joint notice regarding extension of the market risk regulatory report for institutions subject to the market risk capital rule (FFIEC 102).

    October 17, 2019 WebPage Regulatory News
    News

    FSB Report Examines Implementation and Impact of G20 Financial Reforms

    FSB published fifth annual report on the implementation and effects of the G20 financial regulatory reforms.

    October 16, 2019 WebPage Regulatory News
    News

    EBA Launches Consultation on Comprehensive Pillar 3 Disclosures

    EBA proposed the new comprehensive implementing technical standard (ITS) for public disclosures by financial institutions.

    October 16, 2019 WebPage Regulatory News
    News

    EBA Consults on Revised Technical Standards on Supervisory Reporting

    EBA launched a consultation on the revised implementing technical standards, or ITS, on supervisory reporting.

    October 16, 2019 WebPage Regulatory News
    RESULTS 1 - 10 OF 3997