Featured Product

    BoE Releases Findings of Cyber Simulation Exercise in Financial Sector

    September 27, 2019

    BoE published a report on the high-level findings of cyber simulation exercise in the financial sector. The exercise, which took place on November 09, 2018, explored the resilience of financial sector to a major cyber incident impacting the UK. The exercise was commissioned by the Cross Market Operational Resilience Group jointly chaired by BoE and UK Finance. The exercise demonstrated that recommendations from the last sector exercise have been implemented and identified further opportunities for improvement.

    The exercise also successfully rehearsed work of the Cross Market Business Continuity Group, an executive-level group chaired by BoE to enable financial authorities (BoE, PRA, FCA, and HM Treasury) to interact with the sector during times of major operational disruption. Along with the financial authorities, participants included 29 of the most systemically important firms and Financial Market Infrastructures. Participants responded to a severe but plausible cyber-attack scenario targeting the sector. The following are the key findings and recommendations of the exercise:

    • Opportunities to improve the way firms coordinate at an operational level during incidents that impact the sector. To address the improvements, a review of the sector response framework will be undertaken to ensure that the sector can communicate and co-ordinate at an operational level during a crisis. In addition the Finance Sector Cyber Collaboration Center (FSCCC) will also be integrated into the response framework to ensure that the technical coordination capability it provides is incorporated into the broader response landscape.
    • Disparity in risk tolerance for suspending services could impact the functioning of the financial sector. In the case of system integrity issues, participant decision making and risk appetite for suspending services varied significantly. The future work will focus on the production of industry guidelines and good practice for managing potential controlled suspension of services and system integrity risks.
    • Recovery of services is impacted by differences in the way data is stored across the financial sector. The exercise found that the ability of participants to support another operationally paralyzed bank is constrained by the different ways in which data is stored. This restricts how contingencies could be used for the benefit of the sector as a whole. To improve response capability, work will be completed to scope the technical and data requirements for providing services via alternative channels. This will be followed by a strategy paper and playbook to support coordination of this contingency during a live incident.
    • Effective and consistent communications are key to maintaining customer and market confidence. The exercise recognized the importance of effective communications in maintaining customer and market confidence in the system. It demonstrated that use of UK Finance’s incident management communications framework and coordination has significantly improved collective communications, with public lines developed in under an hour. To improve consistency and clarity of often complex technical messaging, future work will focus on the production of industry guidelines on good incident communications practices and consistent definition and use of terminology.

    The financial authorities, in partnership with financial sector firms, will act on the recommendations resulting from this exercise and will work to deliver improvements to the resilience and response capability of the financial sector. Delivery against these recommendations has already been initiated and is planned to continue into 2020.

     

    Related Links 

    Keywords: Europe, UK, Banking, Cyber Risk, Operational Risk, Cyber Simulation Exercise, Cyber Resilience, UK Finance, BoE

    Related Articles
    News

    EC Consults on PSD2 and Open Finance; EU Reaches Agreement on DORA

    The European Commission (EC) published a public consultation on the review of revised payment services directive (PSD2) and open finance.

    May 11, 2022 WebPage Regulatory News
    News

    EC Mandates ESAs to Propose Amendments to SFDR Technical Standards

    The European Commission (EC) has issued two letters mandating the European Supervisory Authorities (ESAs) to jointly propose amendments to the regulatory technical standards under Sustainable Finance Disclosure Regulation or SFDR.

    May 11, 2022 WebPage Regulatory News
    News

    EBA Examines Supervisory Practices, Issues Deposits Reporting Template

    The European Banking Authority (EBA) published its annual report on convergence of supervisory practices for 2021. Additionally, following a request from the European Commission (EC),

    May 11, 2022 WebPage Regulatory News
    News

    US Agency Publications Address Basel, Reporting, and CECL Developments

    The Farm Credit Administration published, in the Federal Register, the final rule on implementation of the Current Expected Credit Losses (CECL) methodology for allowances

    May 09, 2022 WebPage Regulatory News
    News

    SEC Extends Comment Period on Climate Risk Disclosures

    The U.S. Securities and Exchange Commission (SEC) looks set to intensify focus on crypto-assets and cyber risk and extended the comment period on the proposed rules to enhance and standardize climate-related disclosures for investors.

    May 09, 2022 WebPage Regulatory News
    News

    APRA Reduces Committed Liquidity Facility, Issues Other Updates

    The Australian Prudential Regulation Authority (APRA) announced reduction in the aggregate Committed Liquidity Facility and issued an update on the operational preparedness for zero and negative market interest rates.

    May 09, 2022 WebPage Regulatory News
    News

    CMF Consults on Basel Rules, Presents Roadmap to Address Climate Risks

    The Commission for the Financial Market (CMF) in Chile published capital adequacy ratios (as of February 2022, January 2022, and December 2021) for 17 banks and for the banking system.

    May 06, 2022 WebPage Regulatory News
    News

    PRA Issues Statement on NPEs and Policy on Trading Activity Wind-Down

    The Prudential Regulation Authority (PRA) issued a statement on the European Banking Authority (EBA) guidelines on management of non-performing exposures (NPEs) and forborne exposures.

    May 06, 2022 WebPage Regulatory News
    News

    EBA Updates Standards for 2023 Benchmarking of Internal Approaches

    The European Banking Authority (EBA) updated the implementing technical standards that specify the data collection for the 2023 supervisory benchmarking exercise in relation to the internal approaches used in market risk, credit risk, and IFRS 9 accounting.

    May 06, 2022 WebPage Regulatory News
    News

    EIOPA Responds to Stakeholder Views on Blockchain in Insurance

    The European Insurance and Occupational Pensions Authority (EIOPA) published a feedback statement on the responses received to the consultation on blockchain and smart contracts in insurance.

    May 06, 2022 WebPage Regulatory News
    RESULTS 1 - 10 OF 8179