Featured Product

    IMF Paper Discusses Emerging Practices for Supervision of Cyber Risk

    September 24, 2019

    IMF published a paper that discusses the emerging supervisory practices that contribute to effective cyber-security risk supervision. This paper highlights emerging supervisory approaches with the intention of promoting good practices. The focus is on how these practices can be adopted by the agencies that are at an early stage of developing a supervisory approach to strengthen cyber resilience. The paper notes that regulatory requirements ensuring that good cyber-security risk management practices are in place are critical.

    The paper discusses the importance of addressing cyber risk and points out that financial sector supervisory authorities worldwide are working to establish and implement a framework for cyber risk supervision. Progress, however, is uneven, particularly for lower-income countries and lower-capacity supervisors, which face a number of challenges developing an effective regulatory and supervisory framework for cyber risk supervision. The goal of cyber-security risk supervision should be to influence, incentivize, and shape cyber-security capabilities of firms. Supervision activities to build resilience should include the following:

    • Identify the threat landscape
    • Map the cyber and financial network
    • Create coherent regulation
    • Conduct supervisory assessment
    • Establish formal information-sharing and reporting mechanisms
    • Provide adequate response and recovery
    • Ensure preparedness of supervisory agencies

    The experience from IMF technical assistance shows that establishing a framework for cyber-security risk supervision involves many challenges, with the dearth of specialist skills being one of the biggest challenges. Notwithstanding these, all supervisors can take action to build information-gathering and sharing systems, improve basic security practices, and identify and deploy resources toward key assets and carry out basic cyber exercises. The report highlights that the transfer of knowledge across the community of supervisors, especially lower-income and lower-capacity supervisors, will help raise resilience globally. Regulations should leverage established approaches, including those developed by industry, which will help with a convergence of standards. Although all firms face cyber-security risk, smaller- and lower-capacity firms should focus on strengthening cyber hygiene while the largest and most globally connected firms and key system nodes should be subject to heightened standards.

    The report notes that authorities should work together to promote a more consistent and coordinated approach that promotes consistency and convergence. A strong regulatory and supervisory framework should allow supervisors to substantially improve the resilience of financial sector to cyber attack. Whether the regulatory framework is based on principles or rules, the framework must grant supervisors sufficient authority to address cyber-security risk and allow supervisors to be sufficiently adaptive to the dynamics of the risk. 

     

    Related Link: Report on Cyber Risk Supervision

     

    Keywords: International, Banking, Insurance, Securities, Cyber Risk, Cyber Resilience Framework, Supervisory Practices, Operational Risk, IMF

    Related Articles
    News

    EIOPA Report Analyzes Use and Impact of Long-Term Guarantee Measures

    EIOPA submitted—to the European Parliament, the Council of the European Union, and EC—its 2020, fifth, and last annual report on long-term guarantee measures and measures on equity risk.

    December 03, 2020 WebPage Regulatory News
    News

    BIS, SNB, and SIX Announce Successful Completion of CBDC POC

    The BIS Innovation Hub Swiss Centre, SNB, and the financial infrastructure operator SIX announced the successful completion of a joint proof-of-concept (PoC) experiment as part of the Project Helvetia.

    December 03, 2020 WebPage Regulatory News
    News

    EBA Sets Out Treatment of Certain Banking Book Positions Under FRTB

    EBA published the final draft regulatory technical standards for calculation of own funds requirements for market risk, under the standardized and internal model approaches of the Fundamental Review of the Trading Book (FRTB) framework.

    December 03, 2020 WebPage Regulatory News
    News

    EIOPA Consults on Integrating Climate Change into SII Standard Formula

    EIOPA published discussion paper on a methodology for the potential inclusion of climate change in the Solvency II (sometimes also written as SII) standard formula when calculating natural catastrophe underwriting risk.

    December 02, 2020 WebPage Regulatory News
    News

    EU Issues Corrigenda to Investment Firms Directive and Regulation

    EU published, in the Official Journal of the European Union, corrigenda to the Directive and the Regulation on the prudential requirements and supervision of investment firms.

    December 02, 2020 WebPage Regulatory News
    News

    MAS Proposes Changes to Rules Arising from Banking Amendment Act

    MAS proposed amendments to certain regulations, notices, and guidelines arising from the Banking (Amendment) Act 2020.

    December 02, 2020 WebPage Regulatory News
    News

    PRA to Elaborate on Approach to Transposition of CRD5 by Mid-December

    PRA published a statement that explains when to expect further information on the PRA approach to transposing the Capital Requirements Directive (CRD5), including its approach to revisions to the definition of capital for Pillar 2A.

    November 30, 2020 WebPage Regulatory News
    News

    RBNZ Consults on Aspects of Insurance Act, Solvency Standards & IFRS17

    RBNZ launched consultations on the scope of the Insurance Prudential Supervision Act (IPSA) 2010 and on the associated Insurance Solvency Standards.

    November 30, 2020 WebPage Regulatory News
    News

    SRB Sets Out Work Program for 2021-2023

    SRB published the work program for 2021-2023, setting out a roadmap to further operationalize the Single Resolution Fund and to achieve robust resolvability of banks under its remit over the next three years.

    November 30, 2020 WebPage Regulatory News
    News

    EIOPA Consults on KPIs on Sustainability for Non-Financial Reporting

    EIOPA is consulting on the relevant ratios to be mandatorily disclosed by insurers and reinsurers falling within the scope of the Non-Financial Reporting Directive as well as on the methodologies to build these ratios.

    November 30, 2020 WebPage Regulatory News
    RESULTS 1 - 10 OF 6191