IA of Hong Kong Publishes Cyber-Security Guideline for Insurers
IA of Hong Kong published the guideline GL20 on cyber-security for authorized insurers. The guideline sets the minimum standard for cyber-security that authorized insurers are expected to have in place and the general guiding principles which the IA uses in assessing the effectiveness of the cyber-security framework of an insurer. The guideline applies to all authorized insurers, except for captive insurers and marine mutual insurers, in relation to the insurance business they conduct in, or from, Hong Kong. GL20 shall take effect on January 01, 2020.
Cyber risk is one of the most significant operational risks that insurers face, particularly with regard to the business operations they conduct digitally and online. Cyber-security incidents can result in financial loss, business disruption, damage to reputation, and other adverse consequences to an insurer. Accordingly, this guideline requires authorized insurers to put in place resilient cyber-security frameworks to protect their business data and the personal data of their existing or potential policyholders and to ensure continuity of their business operations. The guideline stipulates that authorized insurers should establish and maintain a cyber-security strategy and framework tailored to mitigate relevant cyber risks that are commensurate with the nature, size, and complexity of their business. The cyber-security strategy and framework should be endorsed by the Board of the insurer. Insurers should also develop a cyber-security incident response plan, which covers scenarios of cyber-security incidents and corresponding contingency strategies to maintain and restore critical functions and essential activities in such scenarios.
Related Links
Keywords: Asia Pacific, Hong Kong, Insurance, Cyber Risk, Guideline, Cyber Guidance, IA
Previous Article
Mark Carney of BoE Speaks on Addressing Systemic Risks for Non-BanksRelated Articles
OSFI Issues Phase2 Consultation on Climate Scenario Exercise for Banks
The Office of the Superintendent of Financial Institutions (OSFI) recently announced a consultation on the second phase of the Standardized Climate Scenario Exercise (SCSE) for banks and other financial institutions it regulates in Canada.
BIS and Central Banks Experiment with GenAI to Assess Climate Risks
A recent report from the Bank for International Settlements (BIS) Innovation Hub details Project Gaia, a collaboration between the BIS Innovation Hub Eurosystem Center and certain central banks in Europe
Nearly 25% G-SIBs Commit to Adopting TNFD Nature-Related Disclosures
Nature-related risks are increasing in severity and frequency, affecting businesses, capital providers, financial systems, and economies.
Singapore to Mandate Climate Disclosures from FY2025
Singapore recently took a significant step toward turning climate ambition into action, with the introduction of mandatory climate-related disclosures for listed and large non-listed companies
SEC Finalizes Climate-Related Disclosures Rule
The U.S. Securities and Exchange Commission (SEC) has finalized the long-awaited rule that mandates climate-related disclosures for domestic and foreign publicly listed companies in the U.S.
EBA Proposes Standards Related to Standardized Credit Risk Approach
The European Banking Authority (EBA) has been taking significant steps toward implementing the Basel III framework and strengthening the regulatory framework for credit institutions in the EU
US Regulators Release Stress Test Scenarios for Banks
The U.S. regulators recently released baseline and severely adverse scenarios, along with other details, for stress testing the banks in 2024. The relevant U.S. banking regulators are the Federal Reserve Bank (FED), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC).
Asian Governments Aim for Interoperability in AI Governance Frameworks
The regulatory landscape for artificial intelligence (AI), including the generative kind, is evolving rapidly, with governments and regulators aiming to address the challenges and opportunities presented by this transformative technology.
EBA Proposes Operational Risk Standards Under Final Basel III Package
The European Union (EU) has been working on the final elements of Basel III standards, with endorsement of the Banking Package and the publication of the European Banking Authority (EBA) roadmap on Basel III implementation in December 2023.
EFRAG Proposes XBRL Taxonomy and Standard for Listed SMEs Under ESRS
The European Financial Reporting Advisory Group (EFRAG), which plays a crucial role in shaping corporate reporting standards in European Union (EU), is seeking comments, until May 21, 2024, on the Exposure Draft ESRS for listed SMEs.