CBB Amends Requirements for Cyber-Security Incident Reporting
The Central Bank of Bahrain (CBB) is amending requirements under the operational risk management module (Module OM) of Volumes 1 and 2 of the CBB Rulebook for conventional banks and Islamic banks, respectively.
These amendments, which relate to requirements on reporting cyber-security incidents, became effective immediately on publication. The updated requirements specify that on occurrence or detection of any cyber-security incident, whether internal or external, that compromises customer information or disrupts critical services that affect operations, conventional and Islamic bank licensees must contact CBB immediately (within one hour) and submit Section A of the Cyber Security Incident Report (Appendix OM-1) to CBB within two hours. Following the submission of Section A of the Report, the licensee must submit to CBB Section B of the Cyber Security Incident Report (Appendix OM-1) within 10 calendar days of the occurrence of the cyber security incident. Licensees must include all relevant details in the report, including the full root cause analysis of the cyber security incident, its impact on the business operations and customers, and all measures taken by the licensee to stop the attack, mitigate its impact, and ensure that similar events do not recur. In addition, a weekly progress update must be submitted to CBB until the incident is fully resolved.
Related Links
- Notification on Amended Requirements for Conventional Banks
- Module OM for Conventional Banks (PDF)
- Notification on Amended Requirements for Islamic Banks
- Module OM for Islamic Banks (PDF)
Keywords: Middle East and Africa, Bahrain, Banking, Basel, Regtech, Cyber Security, Incident Reporting, Cyber Risk, CBB Rulebook, Islamic Banking, Operational Risk, Module OM, CBB
Featured Experts
María Cañamero
Skilled market researcher; growth strategist; successful go-to-market campaign developer
Nicolas Degruson
Works with financial institutions, regulatory experts, business analysts, product managers, and software engineers to drive regulatory solutions across the globe.
Patrycja Oleksza
Applies proficiency and knowledge to regulatory capital and reporting analysis and coordinates business and product strategies in the banking technology area
Next Article
ECB Issues Opinion on Proposed Amendments to CRRRelated Articles
APRA Publishes Results of Climate Risk Self-Assessment Survey
The Australian Prudential Regulation Authority (APRA) has published the findings of its latest climate risk self-assessment survey conducted across the banking, insurance, and superannuation industries.
ACPR Publishes Updates Related to CRD IV and Covered Bonds
The French Prudential Supervisory Authority (ACPR) published a notice related to the methods for calculating and publishing prudential ratios under the Capital Requirements Directive (CRD IV) and the minimum requirement for own funds and eligible liabilities (MREL).
BIS Paper Contributes to Debate on Regulating NBFIs and Big Techs
The Financial Stability Institute (FSI) of the Bank for International Settlements recently published a paper proposing a framework for classifying financial stability regulation as either entity-based or activity-based.
EIOPA Publishes Guidance on Climate Change Scenarios in ORSA
The European Insurance and Occupational Pension Authority (EIOPA) published the risk dashboard based on Solvency II data and the final version of the application guidance on climate change materiality assessments and climate change scenarios in the Own Risk and Solvency Assessment (ORSA).
EBA and ECB Respond to Proposals on Sustainability Disclosures
The European Banking Authority (EBA) and the European Central Bank (ECB) published their responses to the consultations of the International Sustainability Standards Board (ISSB) and the European Financial Reporting Advisory Group (EFRAG) on sustainability-related disclosure standards.
BIS Report Notes Existing Gaps in Climate Risk Data at Central Banks
A Consultative Group on Risk Management (CGRM) at the Bank for International Settlements (BIS) published a report that examines incorporation of climate risks into the international reserve management framework.
EBA Publishes Multiple Regulatory Updates for Regulated Entities
The European Banking Authority (EBA) published the final guidelines on liquidity requirements exemption for investment firms, updated version of its 5.2 filing rules document for supervisory reporting, and Single Rulebook Question and Answer (Q&A) updates in July 2022.
EIOPA Issues SII Taxonomy and Guide on Sustainability Preferences
The European Insurance and Occupational Pensions Authority (EIOPA) published Version 2.8.0 of the Solvency II data point model (DPM) and XBRL taxonomy.
EESC Opines on Proposals on CRR and European Single Access Point
The European Union published, in the Official Journal of the European Union, an opinion from the European Economic and Social Committee (EESC); the opinion is on the proposal for a regulation to amend the Capital Requirements Regulation (CRR).
HM Treasury Publishes Multiple Regulatory Updates in July 2022
HM Treasury published a draft statutory instrument titled “The Financial Services (Miscellaneous Amendments) (EU Exit) Regulations 2022,” along with the related explanatory memorandum and impact assessment.
