FSB Consults on Practices for Cyber Incident Response and Recovery
FSB is consulting on a toolkit of effective practices to assist financial institutions in their cyber incident response and recovery activities. The toolkit lists 46 effective practices that have been structured across seven components. These components are governance, preparation, analysis, mitigation, restoration, improvement, and coordination and communication. FSB welcomes comments and responses, by July 20, 2020, to the questions set out in the consultation. This consultation report was sent to G20 Finance Ministers and Central Bank Governors for their virtual meeting on April 15.
Efficient and effective response to and recovery from a cyber incident by organizations in the financial ecosystem is essential to limiting any related financial stability risks. The toolkit draws from survey responses by national authorities, international organizations, and external stakeholders; a review of the existing standards and case studies of cyber incidents; engagement with external stakeholders at workshops and bilateral meetings; and insights drawn from national authorities based on their supervisory work. The toolkit is structured across the following seven components:
- Governance—This component frames the way in which cyber incident and recovery is organized and managed. It aligns cyber incident and recovery activities with goals set for continuity of business operations. It sets the organizational structures and roles required to coordinate response and recovery across internal functions, business lines, firms, jurisdictions, or even sectors. Governance involves defining the decision-making framework and allocates responsibilities and accountabilities to ensure that the right stakeholders are engaged when a cyber incident occurs.
- Preparation—The aim should be to establish and maintain capabilities to respond to cyber incidents and to restore critical functions, processes, activities, systems, and data affected by cyber incidents to normal operations. While preparation is a phase before an incident, it significantly and directly influences the effectiveness of cyber incident and recovery activities.
- Analysis—Analysis is conducted to ensure effective response and recovery activities, including forensic analysis, and to determine the severity, impact, and root cause of the cyber incident to drive appropriate response and recovery activities.
- Mitigation—Activities related to mitigation are performed to prevent the aggravation of the situation and eradicates cyber threats in a timely manner to alleviate their impact on business operations and services.
- Restoration—Organizations repair and restore systems or assets affected by a cyber incident to safely resume business-as-usual delivery of impacted services.
- Improvement—Organizations establish processes to improve response and recovery capabilities through the lessons learned from past cyber incidents and from proactive tools such as cyber incident and recovery exercises. Necessary changes are made to cyber incident and recovery policies, plans, and playbooks to improve the overall process as well as any necessary training and testing. Lessons learned are used in the selection and implementation of additional controls and mitigation measures.
- Coordination and communication—The aim should be to coordinate with stakeholders to maintain good cyber situational awareness and enhance cyber resilience of the ecosystem. Progress and outcomes from the cyber incident analysis are shared with internal and external stakeholders to take actions to contain, mitigate, recover, or prevent a cyber incident and to ensure that no misunderstandings or rumors arise from lack of information. A common, secure, and trusted communication channel enhances the efficiency and security of information-sharing.
Enhancing cyber incident response and recovery at organizations is an important focus for national authorities. National authorities are in a unique position to gain insights on effective cyber incident response and recovery activities in financial institutions from their supervisory work and from their observations across multiple organizations and peer analyses that can help suggest areas that both authorities and organizations can enhance. The final toolkit, taking on board the feedback from this public consultation, will be sent to the October meeting of G20 Finance Ministers and Central Bank Governors.
Related Links
Keywords: International, Banking, Insurance, Securities, Cyber Incident, Governance, Response and Recovery, Toolkit, Operational Risk, Cyber Risk, FSB
Previous Article
FIN-FSA Announces Measures to Address Impact of COVID-19 OutbreakRelated Articles
FINMA Approves Merger of Credit Suisse and UBS
The Swiss Financial Market Supervisory Authority (FINMA) has approved the takeover of Credit Suisse by UBS.
BOE Sets Out Its Thinking on Regulatory Capital and Climate Risks
The Bank of England (BOE) published a working paper that aims to understand the climate-related disclosures of UK financial institutions.
OSFI Finalizes on Climate Risk Guideline, Issues Other Updates
The Office of the Superintendent of Financial Institutions (OSFI) is seeking comments, until May 31, 2023, on the draft guideline on culture and behavior risk, with final guideline expected by the end of 2023.
APRA Assesses Macro-Prudential Policy Settings, Issues Other Updates
The Australian Prudential Regulation Authority (APRA) published an information paper that assesses its macro-prudential policy settings aimed at promoting stability at a systemic level.
BIS Paper Examines Impact of Greenhouse Gas Emissions on Lending
BIS issued a paper that investigates the effect of the greenhouse gas, or GHG, emissions of firms on bank loans using bank–firm matched data of Japanese listed firms from 2006 to 2018.
HMT Mulls Alignment of Ring-Fencing and Resolution Regimes for Banks
The HM Treasury (HMT) is seeking evidence, until May 07, 2023, on practicalities of aligning the ring-fencing and the banking resolution regimes for banks.
MFSA Sets Out Supervisory Priorities, Issues Reporting Updates
The Malta Financial Services Authority (MFSA) outlined its supervisory priorities for 2023
German Regulators Issue Multiple Reporting Updates for Banks
Deutsche Bundesbank published the nationally deactivated validation rules for the German Commercial Code (HGB) users on the taxonomy 3.2, which became valid from December 31, 2022
BCBS Report Examines Impact of Basel III Framework for Banks
The Basel Committee on Banking Supervision (BCBS) published results of the Basel III monitoring exercise based on the June 30, 2022 data.
PRA Consults on Prudential Rules for "Simpler-Regime" Firms
Among the recent regulatory updates from UK authorities, a key development is the first-phase consultation, from the Prudential Regulation Authority (PRA), on simplifications to the prudential framework that would apply to the simpler-regime firms.