MFSA published a document that provides background on Information and Communications Technology (ICT) risk and cybersecurity, also discussing the applicable legal and regulatory framework and the work of the Supervisory ICT Risk and Cybersecurity function of MFSA. In addition, MFSA issued a circular that addresses significant credit institutions regarding the harmonization of IMAS portal of ECB Banking Supervision with the FinHub portal of MFSA. The IMAS portal allows banks directly supervised by ECB to submit information related to supervisory processes, track their status, and exchange information with supervisors.
ECB, together with the national competent authorities of the member states in the Single Supervisory Mechanism, is in the process of streamlining the manner in which information flows between regulators and the banking industry. The system development in this respect is underway. Consequently, significant Institutions licensed in terms of the Banking Act, and supervised directly by the ECB, are being required to upload information including but not limited to fit-and-proper statuses and changes in key personnel on both the IMAS portal of ECB and the FinHub portal of MFSA, for an interim period until the back-end system development has been completed and is live. The IMAS Portal has been introduced in two phases. During the phasing-in period starting on October 20, 2020 only a limited number of significant banks were able to access and use the portal. After the full go-live on January 27, 2021, all banks directly supervised by ECB can use the portal.
Additionally, the published document on ICT risk and cybersecurity explains the supervisory approach of MFSA and outlines the establishment of the Supervisory ICT Risk and Cybersecurity function at MFSA. The document highlights the key observations of the Supervisory ICT Risk and Cybersecurity function through supervisory interactions over the past year and sets out the expectations of MFSA in this regard. It also discusses the focus areas for the coming year, in view of the designation of supervisory ICT risk and cybersecurity as a cross-sectoral priority of MFSA for 2021. The Supervisory ICT Risk and Cybersecurity function will continue to support the sectoral supervisory functions to ensure that regulated entities have an adequate cybersecurity program in place designed to enhance resilience to cyber-attacks and mitigate the risks associated with such threats. In view of the ever-increasing dependency on ICT, an enhancement, in terms of breadth and depth of supervisory activities throughout the year, is to be expected. Among others, the Supervisory ICT Risk and Cybersecurity function plans to:
- Develop an ICT and Cybersecurity risk model for supervision as a process for mapping out, and prioritizing key risk areas within the industry.
- Conduct a comprehensive and cross-sectoral thematic desk-based review on ICT Risk and Cybersecurity matters, including outsourcing.
- Intensify participation and contribution in local and foreign working groups throughout 2021 and anticipates significant progress on the legislative proposals on digital operational resilience.
- Circular on IMAS Portal
- ECB IMAS Portal
- Press Release on ICT Risk
- Document on ICT Risk and Cybersecurity (PDF)
Keywords: Europe, Malta, Banking, Reporting, IMAS Portal, FinHub Portal, SSM, Technology Risk, Cyber Risk, Outsourcing Risk, ECB, MFSA
Scott is a Director in the Regulatory and Accounting Solutions team responsible for providing accounting expertise across solutions, products, and services offered by Moody’s Analytics in the US. He has over 15 years of experience leading auditing, consulting and accounting policy initiatives for financial institutions.
Previous ArticleFSC Korea Details Policy Measures to Support Recovery from Pandemic
The use cases of generative AI in the banking sector are evolving fast, with many institutions adopting the technology to enhance customer service and operational efficiency.
As part of the increasing regulatory focus on operational resilience, cyber risk stress testing is also becoming a crucial aspect of ensuring bank resilience in the face of cyber threats.
A few years down the road from the last global financial crisis, regulators are still issuing rules and monitoring banks to ensure that they comply with the regulations.
The European Commission (EC) recently issued an update informing that the European Council and the Parliament have endorsed the Banking Package implementing the final elements of Basel III standards
The Swiss Federal Council recently decided to further develop the Swiss Climate Scores, which it had first launched in June 2022.
The Basel Committee on Banking Supervision (BCBS) launched consultation on a Pillar 3 disclosure framework for climate-related financial risks, with the comment period ending on February 29, 2024.
The U.S. President Joe Biden signed an Executive Order, dated October 30, 2023, to ensure safe, secure, and trustworthy development and use of artificial intelligence (AI).
The Monetary Authority of Singapore (MAS) launched an integrated digital platform, Gprnt, also known as “Greenprint.”
The European Banking Authority (EBA) has published the final templates, and the associated guidance, for collecting climate-related data for the one-off Fit-for-55 climate risk scenario analysis.
The Network for Greening the Financial System (NGFS) published its latest set of long-term climate macro-financial scenarios (Phase IV) for assessing forward-looking climate risks.