Featured Product

    IMF Paper Discusses Emerging Practices for Supervision of Cyber Risk

    September 24, 2019

    IMF published a paper that discusses the emerging supervisory practices that contribute to effective cyber-security risk supervision. This paper highlights emerging supervisory approaches with the intention of promoting good practices. The focus is on how these practices can be adopted by the agencies that are at an early stage of developing a supervisory approach to strengthen cyber resilience. The paper notes that regulatory requirements ensuring that good cyber-security risk management practices are in place are critical.

    The paper discusses the importance of addressing cyber risk and points out that financial sector supervisory authorities worldwide are working to establish and implement a framework for cyber risk supervision. Progress, however, is uneven, particularly for lower-income countries and lower-capacity supervisors, which face a number of challenges developing an effective regulatory and supervisory framework for cyber risk supervision. The goal of cyber-security risk supervision should be to influence, incentivize, and shape cyber-security capabilities of firms. Supervision activities to build resilience should include the following:

    • Identify the threat landscape
    • Map the cyber and financial network
    • Create coherent regulation
    • Conduct supervisory assessment
    • Establish formal information-sharing and reporting mechanisms
    • Provide adequate response and recovery
    • Ensure preparedness of supervisory agencies

    The experience from IMF technical assistance shows that establishing a framework for cyber-security risk supervision involves many challenges, with the dearth of specialist skills being one of the biggest challenges. Notwithstanding these, all supervisors can take action to build information-gathering and sharing systems, improve basic security practices, and identify and deploy resources toward key assets and carry out basic cyber exercises. The report highlights that the transfer of knowledge across the community of supervisors, especially lower-income and lower-capacity supervisors, will help raise resilience globally. Regulations should leverage established approaches, including those developed by industry, which will help with a convergence of standards. Although all firms face cyber-security risk, smaller- and lower-capacity firms should focus on strengthening cyber hygiene while the largest and most globally connected firms and key system nodes should be subject to heightened standards.

    The report notes that authorities should work together to promote a more consistent and coordinated approach that promotes consistency and convergence. A strong regulatory and supervisory framework should allow supervisors to substantially improve the resilience of financial sector to cyber attack. Whether the regulatory framework is based on principles or rules, the framework must grant supervisors sufficient authority to address cyber-security risk and allow supervisors to be sufficiently adaptive to the dynamics of the risk. 

     

    Related Link: Report on Cyber Risk Supervision

     

    Keywords: International, Banking, Insurance, Securities, Cyber Risk, Cyber Resilience Framework, Supervisory Practices, Operational Risk, IMF

    Related Articles
    News

    MAS Concludes Blockchain Payments Prototype Shows Commercial Potential

    MAS and Temasek jointly released a report to mark the successful conclusion of the fifth and final phase of Project Ubin, which focused on building a blockchain-based multi-currency payments network prototype.

    July 13, 2020 WebPage Regulatory News
    News

    EBA Publishes Phase 2 of Technical Package on Reporting Framework 2.10

    EBA published phase 2 of the technical package on the reporting framework 2.10, providing the technical tools and specifications for implementation of EBA reporting requirements.

    July 10, 2020 WebPage Regulatory News
    News

    APRA Updates Reporting Validation Rules in July 2020

    APRA updated the lists of the Direct to APRA (D2A) validation rules for authorized deposit-taking institutions, insurers, and superannuation entities.

    July 10, 2020 WebPage Regulatory News
    News

    PRA to Partly Apply EBA Guidelines on Disclosures for COVID Measures

    PRA updated the statement that provides guidance to regulated firms on implementation of the EBA guidelines on reporting and disclosure of exposures subject to measures applied in response to the COVID-19 crisis.

    July 10, 2020 WebPage Regulatory News
    News

    EBA Updates List of Correlated Currencies Under CRR

    EBA updated the 2019 list of closely correlated currencies that was originally published in December 2013.

    July 10, 2020 WebPage Regulatory News
    News

    FASB Proposes to Delay Implementation of Insurance Contracts Standard

    FASB issued a proposed Accounting Standards Update that would grant insurance companies, adversely affected by the COVID-19 pandemic, an additional year to implement the Accounting Standards Update No. 2018-12 on targeted improvements to accounting for long-duration insurance contracts, or LDTI (Topic 944).

    July 09, 2020 WebPage Regulatory News
    News

    APRA Updates Regulatory Approach to Loan Deferrals Amid COVID Crisis

    APRA updated the regulatory approach for loans subject to repayment deferrals amid the COVID-19 crisis.

    July 09, 2020 WebPage Regulatory News
    News

    BCBS and FSB Set Out Recommendations for Benchmark Transition

    BCBS and FSB published a report on supervisory issues associated with benchmark transition.

    July 09, 2020 WebPage Regulatory News
    News

    IAIS Sets Out Recommendations for Benchmark Transition for Insurers

    IAIS published a report on supervisory issues associated with benchmark transition from an insurance perspective.

    July 09, 2020 WebPage Regulatory News
    News

    ESMA Updates Reporting Manual on European Single Electronic Format

    ESMA updated the reporting manual on the European Single Electronic Format (ESEF).

    July 09, 2020 WebPage Regulatory News
    RESULTS 1 - 10 OF 5469