Featured Product

    BCBS Report Examines Cyber Resilience Practices Across Jurisdictions

    December 04, 2018

    BCBS published a report that identifies, describes, and compares the range of observed bank, regulatory, and supervisory cyber-resilience practices across jurisdictions. The challenges and initiatives to enhance cyber-resilience have been summarized in the form of 10 key findings and illustrated by case studies that focus on concrete developments in the jurisdictions covered. BCBS classifies the expectations and practices into four broad dimensions of cyber-resilience: governance and culture; risk measurement and assessment of preparedness; communication and information-sharing; and interconnections with third parties.

    The following are some of the key findings of the study:

    • While regulators generally do not require a specific cyber strategy, all expect institutions to maintain adequate capability in this area as part of their global strategies. In most jurisdictions, broader IT and operational risk management practices are quite mature and are used to address cyber-risk and supervise cyber-resilience.
    • Although management models such as the three lines of defence (3LD) model are widely adopted, cyber-resilience is not always clearly articulated across the technical, business, and strategic lines. This confusion in roles and responsibilities hampers the effectiveness of the 3LD model.
    • Although some forward-looking indicators of cyber-resilience are being picked up through the most widespread supervisory practices, no standard set of metrics has emerged yet. This makes it more difficult for supervisors and banks to articulate and engage on cyber-resilience.
    • Most observed information-sharing mechanisms involve bank-to-bank and bank-to-regulator communications, with the former being mostly done on a voluntary basis.
    • Regulatory frameworks for outsourcing activities across jurisdictions are quite established and share substantial commonalities. However, there is no common approach regarding third parties beyond outsourced services, which implies different scopes of regulation and supervisory actions. While third parties may provide cost-effective solutions to increase resilience levels, the onus remains on the banks to demonstrate adequate understanding and active management of the third-party dependencies and concentration across the value chain

    In preparing this range of practices document, BCBS relied on input from its member jurisdictions in response to a survey conducted by FSB in April 2017. By describing the diversity of approaches thematically, the report will help banks and supervisors navigate the regulatory environment and will serve as a useful input for identifying areas where further policy work by the Basel Committee may be warranted. Going forward, the Committee will integrate the cyber dimension into its broader operational resilience work. 

     

    Related Links

    Keywords: International, Banking, Regtech, Suptech, Cyber Resilience, Operational Risk, Cyber Risk, BCBS

    Related Articles
    News

    BOE Article Explains Process for Bank Authorization in UK

    BoE published an article, in the Quarterly Bulletin for the third quarter of 2019, on how banks are authorized in the UK.

    September 20, 2019 WebPage Regulatory News
    News

    HKMA on Commencement of Regulatory Regime Under Insurance Ordinance

    HKMA announced the commencement of new licensing and regulatory regime for insurance intermediaries under the Insurance Ordinance from September 23, 2019.

    September 20, 2019 WebPage Regulatory News
    News

    APRA Revises Standard on Margin Rules for Uncleared Derivatives

    APRA revised CPS 226, which is the prudential standard on margin and risk mitigation requirements for non-centrally cleared derivatives.

    September 19, 2019 WebPage Regulatory News
    News

    SEC Adopts Rules and Amendments Under Regulatory Regime for Swaps

    SEC announced that it took a significant step toward establishing the regulatory regime for security-based swap dealers (SBSDs) by adopting a package of rules and rule amendments under Title VII of the Dodd-Frank Act.

    September 19, 2019 WebPage Regulatory News
    News

    FCA Welcomes ISDA Protocol on Narrowly Tailored Credit Events

    FCA published an update to its initial joint statement with the U.S. SEC and CFTC on opportunistic strategies in the credit derivatives markets.

    September 19, 2019 WebPage Regulatory News
    News

    PRA Issues Consultation on Prudent Person Principle Under Solvency II

    PRA, via the consultation paper CP22/19, has set out its proposed expectations for investment by firms, in accordance with the Prudent Person Principle (PPP).

    September 18, 2019 WebPage Regulatory News
    News

    PRA Proposal on Probability of Default and LGD Estimation

    PRA proposed, via the consultation paper CP21/19, an approach to implementing EBA’s recent regulatory products relating to Probability of Default (PD) estimation, Loss Given Default (LGD) estimation, and the treatment of defaulted exposures in the internal ratings-based (IRB) approach to credit risk.

    September 18, 2019 WebPage Regulatory News
    News

    BIS Formalizes Agreement to Set Up Innovation Hub in Hong Kong SAR

    BIS and HKMA signed the Operational Agreement on the BIS Innovation Hub Center in Hong Kong Special Administrative Region (SAR).

    September 18, 2019 WebPage Regulatory News
    News

    APRA Observations from Thematic Review on Recovery Plans of Insurers

    APRA issued a letter to general insurers and life insurers, outlining observations from a recent thematic review on recovery planning by insurers.

    September 18, 2019 WebPage Regulatory News
    News

    BNM Publishes Financial Stability Review for the First Half of 2019

    BNM published Financial Stability Review for the first half of 2019.

    September 18, 2019 WebPage Regulatory News
    RESULTS 1 - 10 OF 3853