ECB Publishes the Cyber Resilience Oversight Expectations

The cyber resilience oversight expectations provide FMIs with detailed steps on how to operationalize the guidance, provide overseers with clear expectations to assess FMIs under their responsibility, and provide the basis for a meaningful discussion between the FMIs and their respective overseers. During the consultation, ECB received responses from 20 entities, including FMIs, banks, banking communities, and associations. Comments in the public consultation mostly focused on four aspects:

• Level of prescriptiveness of the expectations
• Three levels of cyber maturity and how these correspond to other international cybersecurity frameworks, which also have maturity models
• Process for oversight assessments against the cyber resilience oversight expectations
• Need for harmonization across different jurisdictions and among regulators, to reduce the fragmentation of regulatory expectations and facilitate oversight convergence

Cyber resilience is an important aspect of the operational resilience of FMIs and efficient operation of FMIs is essential for maintaining and enhancing financial stability. If not properly managed, FMIs can be sources of financial shocks, such as credit losses. They can also be a major channel through which these shocks are transmitted across domestic and international financial markets.

Related Links

• Press Release
• Cyber Resilience Oversight Guidance (PDF)
• ECB Response to Consultation
• Responses from Entities (ZIP)
• CPMI-IOSCO Guidance on Cyber Resilience

Keywords: Europe, EU, Banking, PMI, FMI, Cyber Resilience, Cyber Risk, Operational Risk, ECB