ECB Representatives Speak About Work Toward Building Cyber Resilience
Sabine Lautenschläger and Benoît Cœuré of ECB spoke about cyber resilience at the first meeting of the Euro Cyber Resilience Board for pan-European Financial Infrastructures in Frankfurt. Ms. Lautenschläger highlights that “ECB Banking Supervision takes cyber resilience very seriously” and discussed the ECB progress so far, along with its plans for the future. Mr. Cœuré also discussed the future course of the high-level cyber resilience forum for pan-European financial market infrastructures, critical service providers, and competent authorities.
With respect to the work done so far, Ms. Lautenschläger highlighted that ECB has conducted thematic reviews on cyber risk and outsourcing, a stocktake on how IT risks are supervised outside the euro area, and quite a few on-site inspections into IT and cyber risks, using state-of-the-art methods. ECB has also set up a reporting framework for cyber incidents. Drawing on the EBA guidelines, ECB has developed comprehensive IT risk self-assessments for the banks it supervises, including an extensive section on IT and cyber security. The results of these assessments will feed into the Supervisory Review and Evaluation Process, in which ECB will also challenge the information provided by banks. The review will give a better idea of the overall IT risk landscape in the banking industry and will help to identify blind spots early on and define areas for further investigation; this will eventually feed into the plans for 2019. In addition, the review will help to compare banks and partially anonymized feedback could then be shared with them. She concludes, “While cybercrime may have an aura of mystery and power, cyber resilience is quite the opposite: it calls for vigilance and diligence, day in, day out.”
Additionally, Benoît Cœuré of ECB said that, within the Eurosystem, there has been close collaboration on implementing the Eurosystem oversight cyber resilience strategy for financial market infrastructures, in line with CPMI-IOSCO’s guidance on this topic. He explained the goals and objectives of the Euro Cyber Resilience Board (ECRB) for pan-European Financial Infrastructures and highlighted that ECRB will have no formal powers to impose binding measures and will not make supervisory judgments. The ECRB will be chaired by ECB, which will be closely involved together with national central banks and observers from the relevant European public authorities. He also outlined the two recent activities of ECB:
- First, a cyber resilience survey, developed under the Eurosystem oversight cyber resilience strategy, was conducted across more than 75 payment systems, central securities depositories, and central counterparties throughout Europe. The survey highlighted a number of very pertinent issues for discussion, such as cyber governance, training and awareness, and cyber incident response.
- Second, the Eurosystem is finalizing the main elements of the European Threat Intelligence-Based Ethical Red-Teaming (TIBER-EU) Framework. This is an interesting concept that is expected to raise the level of cyber resilience in Europe and enable cross-border, cross-authority testing, which has not been done before.
Related Links
Keywords: Europe, EU, Banking, PMI, Cyber Risk, Banking Supervision, ECB
Related Articles
OSFI Issues Phase2 Consultation on Climate Scenario Exercise for Banks
The Office of the Superintendent of Financial Institutions (OSFI) recently announced a consultation on the second phase of the Standardized Climate Scenario Exercise (SCSE) for banks and other financial institutions it regulates in Canada.
BIS and Central Banks Experiment with GenAI to Assess Climate Risks
A recent report from the Bank for International Settlements (BIS) Innovation Hub details Project Gaia, a collaboration between the BIS Innovation Hub Eurosystem Center and certain central banks in Europe
Nearly 25% G-SIBs Commit to Adopting TNFD Nature-Related Disclosures
Nature-related risks are increasing in severity and frequency, affecting businesses, capital providers, financial systems, and economies.
Singapore to Mandate Climate Disclosures from FY2025
Singapore recently took a significant step toward turning climate ambition into action, with the introduction of mandatory climate-related disclosures for listed and large non-listed companies
SEC Finalizes Climate-Related Disclosures Rule
The U.S. Securities and Exchange Commission (SEC) has finalized the long-awaited rule that mandates climate-related disclosures for domestic and foreign publicly listed companies in the U.S.
EBA Proposes Standards Related to Standardized Credit Risk Approach
The European Banking Authority (EBA) has been taking significant steps toward implementing the Basel III framework and strengthening the regulatory framework for credit institutions in the EU
US Regulators Release Stress Test Scenarios for Banks
The U.S. regulators recently released baseline and severely adverse scenarios, along with other details, for stress testing the banks in 2024. The relevant U.S. banking regulators are the Federal Reserve Bank (FED), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC).
Asian Governments Aim for Interoperability in AI Governance Frameworks
The regulatory landscape for artificial intelligence (AI), including the generative kind, is evolving rapidly, with governments and regulators aiming to address the challenges and opportunities presented by this transformative technology.
EBA Proposes Operational Risk Standards Under Final Basel III Package
The European Union (EU) has been working on the final elements of Basel III standards, with endorsement of the Banking Package and the publication of the European Banking Authority (EBA) roadmap on Basel III implementation in December 2023.
EFRAG Proposes XBRL Taxonomy and Standard for Listed SMEs Under ESRS
The European Financial Reporting Advisory Group (EFRAG), which plays a crucial role in shaping corporate reporting standards in European Union (EU), is seeking comments, until May 21, 2024, on the Exposure Draft ESRS for listed SMEs.
