CBB Amends Requirements for Cyber-Security Incident Reporting
The Central Bank of Bahrain (CBB) is amending requirements under the operational risk management module (Module OM) of Volumes 1 and 2 of the CBB Rulebook for conventional banks and Islamic banks, respectively.
These amendments, which relate to requirements on reporting cyber-security incidents, became effective immediately on publication. The updated requirements specify that on occurrence or detection of any cyber-security incident, whether internal or external, that compromises customer information or disrupts critical services that affect operations, conventional and Islamic bank licensees must contact CBB immediately (within one hour) and submit Section A of the Cyber Security Incident Report (Appendix OM-1) to CBB within two hours. Following the submission of Section A of the Report, the licensee must submit to CBB Section B of the Cyber Security Incident Report (Appendix OM-1) within 10 calendar days of the occurrence of the cyber security incident. Licensees must include all relevant details in the report, including the full root cause analysis of the cyber security incident, its impact on the business operations and customers, and all measures taken by the licensee to stop the attack, mitigate its impact, and ensure that similar events do not recur. In addition, a weekly progress update must be submitted to CBB until the incident is fully resolved.
Related Links
- Notification on Amended Requirements for Conventional Banks
- Module OM for Conventional Banks (PDF)
- Notification on Amended Requirements for Islamic Banks
- Module OM for Islamic Banks (PDF)
Keywords: Middle East and Africa, Bahrain, Banking, Basel, Regtech, Cyber Security, Incident Reporting, Cyber Risk, CBB Rulebook, Islamic Banking, Operational Risk, Module OM, CBB
Featured Experts
María Cañamero
Skilled market researcher; growth strategist; successful go-to-market campaign developer
Nicolas Degruson
Works with financial institutions, regulatory experts, business analysts, product managers, and software engineers to drive regulatory solutions across the globe.
Patrycja Oleksza
Applies proficiency and knowledge to regulatory capital and reporting analysis and coordinates business and product strategies in the banking technology area
Related Articles
BIS and Central Banks Experiment with GenAI to Assess Climate Risks
A recent report from the Bank for International Settlements (BIS) Innovation Hub details Project Gaia, a collaboration between the BIS Innovation Hub Eurosystem Center and certain central banks in Europe
Nearly 25% G-SIBs Commit to Adopting TNFD Nature-Related Disclosures
Nature-related risks are increasing in severity and frequency, affecting businesses, capital providers, financial systems, and economies.
Singapore to Mandate Climate Disclosures from FY2025
Singapore recently took a significant step toward turning climate ambition into action, with the introduction of mandatory climate-related disclosures for listed and large non-listed companies
SEC Finalizes Climate-Related Disclosures Rule
The U.S. Securities and Exchange Commission (SEC) has finalized the long-awaited rule that mandates climate-related disclosures for domestic and foreign publicly listed companies in the U.S.
EBA Proposes Standards Related to Standardized Credit Risk Approach
The European Banking Authority (EBA) has been taking significant steps toward implementing the Basel III framework and strengthening the regulatory framework for credit institutions in the EU
US Regulators Release Stress Test Scenarios for Banks
The U.S. regulators recently released baseline and severely adverse scenarios, along with other details, for stress testing the banks in 2024. The relevant U.S. banking regulators are the Federal Reserve Bank (FED), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC).
Asian Governments Aim for Interoperability in AI Governance Frameworks
The regulatory landscape for artificial intelligence (AI), including the generative kind, is evolving rapidly, with governments and regulators aiming to address the challenges and opportunities presented by this transformative technology.
EBA Proposes Operational Risk Standards Under Final Basel III Package
The European Union (EU) has been working on the final elements of Basel III standards, with endorsement of the Banking Package and the publication of the European Banking Authority (EBA) roadmap on Basel III implementation in December 2023.
EFRAG Proposes XBRL Taxonomy and Standard for Listed SMEs Under ESRS
The European Financial Reporting Advisory Group (EFRAG), which plays a crucial role in shaping corporate reporting standards in European Union (EU), is seeking comments, until May 21, 2024, on the Exposure Draft ESRS for listed SMEs.
ECB to Expand Climate Change Work in 2024-2025
Banking regulators worldwide are increasingly focusing on addressing, monitoring, and supervising the institutions' exposure to climate and environmental risks.