EIOPA Consults on Guidelines on ICT Security and Governance
EIOPA issued a consultation on guidelines on the Information and Communication Technology (ICT) security and governance by insurers. The guidelines covers the areas of governance and risk management, ICT operations security, and ICT operations management. These guidelines shall provide guidance to national supervisory authorities and market participants on how regulation regarding operational risks set forth in the Solvency II Directive (2009/138/EC), the Delegated Regulation 2015/35, and EIOPA Guidelines on System of Governance is applied in the case of ICT security and governance. The consultation period on these guidelines ends on March 13, 2020.
Recognizing the need for being prepared for cyber risk and a sound cyber-security framework by undertakings, these guidelines also cover cyber-security as a part of the information security measures of an undertaking. The objective of these guidelines is to provide clarification and transparency to market participants on the minimum expected information and cyber-security capabilities. The guidelines are intended to help avoid potential regulatory arbitrage and to foster supervisory convergence regarding the expectations and processes applicable in relation to ICT security and governance as a key to proper ICT and security risk management. The guidelines should be read in conjunction with and without prejudice to the Solvency II Directive, the Delegated Regulation, EIOPA Guidelines on system of governance and EIOPA Guidelines on outsourcing to cloud service providers. As a next step, EIOPA will consider the feedback received to this consultation, publish a final report on the consultation, and submit the guidelines for adoption by its Board of Supervisors.
Related Links
Comment Due Date: March 13, 2020
Keywords: Europe, EU, Insurance, Cyber Risk, Operational Risk, Fintech, Solvency II, Cloud Service Providers, EIOPA
Featured Experts
Adam Koursaris
Asset and liability management expert; capable modeler; risk and capital specialist
Cassandra Hannibal
Life insurance actuary; risk management and economic capital specialist
Jerome Ogrodzki
Insurance asset and liabilities modeling specialist; stochastic modeling expert
Previous Article
MAS Consults on Regulatory Approach for Payment Token DerivativesRelated Articles
EBA Clarifies Use of COVID-19-Impacted Data for IRB Credit Risk Models
The European Banking Authority (EBA) published four draft principles to support supervisory efforts in assessing the representativeness of COVID-19-impacted data for banks using the internal ratings based (IRB) credit risk models.
EP Reaches Agreement on Corporate Sustainability Reporting Directive
The European Council and the European Parliament (EP) reached a provisional political agreement on the Corporate Sustainability Reporting Directive (CSRD).
PRA Consults on Model Risk Management Principles for Banks
The Prudential Regulation Authority (PRA) launched a consultation (CP6/22) that sets out proposal for a new Supervisory Statement on expectations for management of model risk by banks.
EC Regulation Amends Standards for Calculating Credit Risk Adjustments
The European Commission (EC) published the Delegated Regulation 2022/954, which amends regulatory technical standards on specification of the calculation of specific and general credit risk adjustments.
BIS Hub Updates Work Program for 2022, Announces New Projects
The Bank for International Settlements (BIS) Innovation Hub updated its work program, announcing a set of projects across various centers.
EIOPA Issues Cyber Underwriting Proposal, Statement on Open Insurance
The European Insurance and Occupational Pensions Authority (EIOPA) published two consultation papers—one on the supervisory statement on exclusions related to systemic events and the other on the supervisory statement on the management of non-affirmative cyber exposures.
US Senate Members Seek Details on SEC Proposed Climate Disclosure Rule
Certain members of the U.S. Senate Committee on Banking, Housing, and Urban Affairs issued a letter to the Securities and Exchange Commission (SEC)
EIOPA Consults on Review of Securitization Framework in Solvency II
The European Insurance and Occupational Pensions Authority (EIOPA) published a consultation paper on the advice on the review of the securitization prudential framework in Solvency II.
UK Authorities Issue Regulatory and Reporting Updates for Banks
The Prudential Regulation Authority (PRA) issued a statement on PRA buffer adjustment while the Bank of England (BoE) published a notice on the statistical reporting requirements for banks.
BCBS Issues Climate Risk Principles while HKMA Expresses Its Support
The Basel Committee on Banking Supervision (BCBS) issued principles for the effective management and supervision of climate-related financial risks.
