
    ESAs Publish Advice on Cybersecurity and Management of ICT Risk

    April 10, 2019

    ESAs published two pieces of Joint Advice in response to the requests of EC in its March 2018 FinTech Action Plan. One Joint Advice pertains to the need for legislative improvements related to Information and Communication Technology (ICT) risk management requirements in the EU financial sector. The second Joint Advice pertains to the costs and benefits of a coherent cyber resilience testing framework for significant market participants and infrastructures within the EU financial sector.

    Regarding the need for legislative improvements, in developing the Joint Advice, ESAs' objective was that every relevant entity should be subject to clear general requirements on governance of ICT, including cybersecurity, to ensure the safe provision of regulated services. Guided by this objective, the proposals presented in the Advice aim to promote stronger operational resilience and harmonization in the EU financial sector by applying changes to their respective sectoral legislation. Incident reporting is highly relevant to ICT risk management and allows relevant entities and authorities to log, monitor, analyze, and respond to ICT operational, ICT security, and fraud incidents. Therefore, ESAs call for streamlining aspects of the incident reporting frameworks across the financial sector. Furthermore, ESAs suggest that a legislative solution for an appropriate oversight framework to monitor the activities of critical third-party service providers should be considered.

    Regarding the costs and benefits of a coherent cyber resilience testing framework, ESAs see clear benefits of such a framework. However, there are significant differences in the maturity level of cybersecurity across and within financial sectors. In the short term, ESAs advise focusing on achieving a minimum level of cyber resilience across the sectors, proportionate to the needs and characteristics of the relevant entities. Furthermore, ESAs propose to establish, on a voluntary basis, an EU-wide coherent testing framework, together with other relevant authorities (taking into account the existing initiatives) and with a focus on Threat-Led Penetration Testing. In the long term, ESAs aim to ensure a sufficient cyber maturity level of identified cross-sector entities.

    To implement the proposed actions, ESAs highlight the legal basis and explicit mandate that are necessary for the development and implementation of a coherent resilience testing framework across all financial sectors by ESAs, in cooperation with other relevant authorities. In the March 2018 FinTech Action Plan, EC had specifically requested ESAs to map, by the first quarter of 2019, the existing supervisory practices across financial sectors around ICT security and governance requirements; where appropriate, to consider issuing guidelines aimed at supervisory convergence and enforcement of ICT risk management and mitigation requirements in the EU financial sector; and, if necessary, to provide EC with technical advice on the need for legislative improvements. EC had also requested ESAs to evaluate, by the fourth quarter of 2018 (now Q1 2019), the costs and benefits of developing a coherent cyber resilience testing framework for significant market participants and infrastructures within the EU financial sector.

     


    Keywords: Europe, EU, Banking, Insurance, Securities, Fintech, Cyber Risk, ICT Risk, Operational Risk, Fintech Action Plan, Cyber Resilience, ESAs
