FFIEC members (FED, CFPB, FDIC, NCUA, OCC, and State Liaison Committee) issued a joint statement to describe the matters that financial institutions should consider when determining whether to use cyber insurance as a component of their risk management programs. The FFIEC members do not require financial institutions to maintain cyber insurance. The evolving cyber insurance market and the shifting cyber threat landscape may, however, prompt financial institutions to consider whether cyber insurance would be an effective part of their overall risk management programs.
The joint statement notes that cyber-attacks are increasing in volume and sophistication and that traditional general liability insurance policies may not provide effective coverage for all potential exposures caused by cyber events. Cyber insurance could offset financial losses from a variety of exposures—including data breaches resulting in the loss of confidential information—that may not be covered by more traditional insurance policies. Financial institution management should assess the scope of coverage of current insurance and consider how cyber insurance may fit into the overall risk management framework of an institution. As with any insurance coverage, cyber insurance does not diminish the importance of a sound control environment. Rather, cyber insurance may be a component of a broader risk management strategy, which includes identifying, measuring, mitigating, and monitoring cyber risk exposure.
Keywords: Americas, US, Banking, PMI, Cyber Insurance, Risk Management, FFIEC