Featured Product

    ECB Representatives Speak About Work Toward Building Cyber Resilience

    March 09, 2018

    Sabine Lautenschläger and Benoît Cœuré of ECB spoke about cyber resilience at the first meeting of the Euro Cyber Resilience Board for pan-European Financial Infrastructures in Frankfurt. Ms. Lautenschläger highlights that “ECB Banking Supervision takes cyber resilience very seriously” and discussed the ECB progress so far, along with its plans for the future. Mr. Cœuré also discussed the future course of the high-level cyber resilience forum for pan-European financial market infrastructures, critical service providers, and competent authorities.

    With respect to the work done so far, Ms. Lautenschläger highlighted that ECB has conducted thematic reviews on cyber risk and outsourcing, a stocktake on how IT risks are supervised outside the euro area, and quite a few on-site inspections into IT and cyber risks, using state-of-the-art methods. ECB has also set up a reporting framework for cyber incidents. Drawing on the EBA guidelines, ECB has developed comprehensive IT risk self-assessments for the banks it supervises, including an extensive section on IT and cyber security. The results of these assessments will feed into the Supervisory Review and Evaluation Process, in which ECB will also challenge the information provided by banks. The review will give a better idea of the overall IT risk landscape in the banking industry and will help to identify blind spots early on and define areas for further investigation; this will eventually feed into the plans for 2019. In addition, the review will help to compare banks and partially anonymized feedback could then be shared with them. She concludes, “While cybercrime may have an aura of mystery and power, cyber resilience is quite the opposite: it calls for vigilance and diligence, day in, day out.”

    Additionally, Benoît Cœuré of ECB said that, within the Eurosystem, there has been close collaboration on implementing the Eurosystem oversight cyber resilience strategy for financial market infrastructures, in line with CPMI-IOSCO’s guidance on this topic. He explained the goals and objectives of the Euro Cyber Resilience Board (ECRB) for pan-European Financial Infrastructures and highlighted that ECRB will have no formal powers to impose binding measures and will not make supervisory judgments. The ECRB will be chaired by ECB, which will be closely involved together with national central banks and observers from the relevant European public authorities. He also outlined the two recent activities of ECB:

    • First, a cyber resilience survey, developed under the Eurosystem oversight cyber resilience strategy, was conducted across more than 75 payment systems, central securities depositories, and central counterparties throughout Europe. The survey highlighted a number of very pertinent issues for discussion, such as cyber governance, training and awareness, and cyber incident response.
    • Second, the Eurosystem is finalizing the main elements of the European Threat Intelligence-Based Ethical Red-Teaming (TIBER-EU) Framework. This is an interesting concept that is expected to raise the level of cyber resilience in Europe and enable cross-border, cross-authority testing, which has not been done before.

     

    Related Links

    Keywords: Europe, EU, Banking, PMI, Cyber Risk, Banking Supervision, ECB

    Related Articles
    News

    APRA Updates Lists of Validation and Derivation Rules in December 2019

    APRA updated the lists of the Direct to APRA (D2A) validation and derivation rules for authorized deposit-taking institutions, insurers, and superannuation entities.

    December 13, 2019 WebPage Regulatory News
    News

    APRA Finalizes Prudential Standard for Credit Risk Management of Banks

    APRA updated the prudential standard on credit risk management requirements (APS 220) for authorized deposit-taking institutions, post a public consultation.

    December 12, 2019 WebPage Regulatory News
    News

    EIOPA Consults on Guidelines on ICT Security and Governance

    EIOPA issued a consultation on guidelines on the Information and Communication Technology (ICT) security and governance by insurers.

    December 12, 2019 WebPage Regulatory News
    News

    BCBS Consults on Design of Prudential Treatment for Crypto-Assets

    BCBS published a discussion paper on the design of prudential treatment for crypto-asset exposures of banks.

    December 12, 2019 WebPage Regulatory News
    News

    NCUA Approves Delay of Risk-Based Capital Rules Until January 2022

    The NCUA Board held its eleventh open meeting of 2019 and approved a final rule to delay the effective date of the risk-based capital rules for credit unions to January 01, 2022.

    December 12, 2019 WebPage Regulatory News
    News

    APRA Issues Operational Risk Rules, Consults on Reporting Requirements

    APRA published an updated prudential standard APS 115 that sets out operational risk requirements for authorized deposit-taking institutions in Australia.

    December 11, 2019 WebPage Regulatory News
    News

    ESMA Updates Q&A on European Benchmarks Regulation in December 2019

    ESMA updated the question and answers (Q&A) document on the European Benchmarks Regulation.

    December 11, 2019 WebPage Regulatory News
    News

    APRA Decides to Keep Countercyclical Capital Buffer for Banks at 0%

    APRA announced its decision to keep the countercyclical capital buffer (CCyB) for authorized deposit-taking institutions on hold at zero percent.

    December 11, 2019 WebPage Regulatory News
    News

    ESMA on Draft Amendments to Indices and Recognized Exchanges Under CRR

    ESMA issued the final report on draft amendments to the Implementing Regulation (EU) 2016/1646, which specifies the main indices and recognized exchanges, under the Capital Requirements Regulation (CRR), that are relevant to credit institutions and investment firms subject to prudential requirements and trading venues.

    December 11, 2019 WebPage Regulatory News
    News

    FED Extends Consultation Period for Capital Requirements for Insurers

    FED is extending comment period for the proposed rule establishing risk-based capital requirements for depository institution holding companies that are significantly engaged in insurance activities.

    December 10, 2019 WebPage Regulatory News
    RESULTS 1 - 10 OF 4316