FCA to Comply with EBA Guidelines on ICT and Security Risk Management

By Regulatory News

June 25, 2020

Coronavirus

FCA published a statement on its intention to comply with the EBA guidelines on information and communication technology (ICT) and security risk management for credit institutions, investment firms, and payment service providers. The guidelines, which were published in November 2019, enter into force on June 30, 2020. In its statement, FCA also points out that it is in the process of consulting on new requirements to strengthen operational resilience in the financial services sector. FCA expects to publish the final rules on operation resilience in the first quarter of 2021, including providing further information on the links between its operational resilience policy and the EBA guidelines.

In March 2020, FCA had extended the comment period for its consultation (CP19/32) on operational resilience until October 01, 2020. Firms and financial market infrastructures are not expected to be required to meet requirements resulting from this consultation before the end of 2021. While operational resilience remains a top priority for FCA, PRA, and BoE, the later publication date and implementation timetable are intended to alleviate burden on firms and financial market infrastructures in the wake of the COVID-19 outbreak. FCA welcomes feedback from firms to its consultation and their experiences in embedding the requirements of the EBA guidelines.

All credit institutions, investment firms, and payment service providers will be expected to make every effort to comply with the EBA guidelines. Firms should also refer to the EBA "further guidance" on the use of flexibility in relation to COVID-19 and the implementation of the guidelines on ICT and security risk management. Consistent with the EBA "further guidance," FCA will apply reasonable supervisory flexibility when assessing the implementation of the ICT and security management guidelines, given the ongoing COVID-19 crisis.

Related Links

Effective Date: June 30, 2020

Keywords: Europe, EU, UK, Banking, Securities, Insurance, FMI, COVID-19, Operational Resilience, Cyber Risk, CP 19/32, PRA, BoE, FCA

Featured Experts

Victor Calanog, Ph.D.

Leading economist; commercial real estate; performance forecasting, econometric infrastructure; data modeling; credit risk modeling; portfolio assessment; custom commercial real estate analysis; thought leader.

JFSA Defers Final Two Phases of Margin Rules for OTC Derivatives

FED Publishes Results of Stress Test and COVID Sensitivity Analysis

News

OSFI Consults on Revisions to BCAR and Leverage Requirements Returns

OSFI proposed revisions to the Basel Capital Adequacy Reporting (BCAR) and leverage requirements returns for the 2023 reporting, with the comment period ending on July 09, 2021.

May 04, 2021 WebPage Regulatory News

News

EBA Seeks Views on Revisions to Nonperforming Loan Data Templates

EBA published a discussion paper on review of the standardized nonperforming loans (NPL) transaction data templates, along with the proposed revised NPL data templates.

May 04, 2021 WebPage Regulatory News

News

Bundesbank Updates Requirements Documentation for AnaCredit Reporting

Bundesbank updated AnaCredit reporting requirements for banks, with reference to the Notice 8001/2020.

May 03, 2021 WebPage Regulatory News

News

CBUAE Issues Regulation for Low-Risk Specialized Banks

CBUAE has issued a regulation that introduces the licensing and supervision framework for low-risk, specialized banks.

May 01, 2021 WebPage Regulatory News

News

APRA Proposes Guidance to Support Prudential Standard on Remuneration

APRA is consulting on CPG 511—the draft Prudential Practice Guide on remuneration for banks, insurers, and superannuation licensees—with the comment period ending on July 23, 2021.