CBB Amends Requirements for Cyber-Security Incident Reporting
The Central Bank of Bahrain (CBB) is amending requirements under the operational risk management module (Module OM) of Volumes 1 and 2 of the CBB Rulebook for conventional banks and Islamic banks, respectively.
These amendments, which relate to requirements on reporting cyber-security incidents, became effective immediately on publication. The updated requirements specify that on occurrence or detection of any cyber-security incident, whether internal or external, that compromises customer information or disrupts critical services that affect operations, conventional and Islamic bank licensees must contact CBB immediately (within one hour) and submit Section A of the Cyber Security Incident Report (Appendix OM-1) to CBB within two hours. Following the submission of Section A of the Report, the licensee must submit to CBB Section B of the Cyber Security Incident Report (Appendix OM-1) within 10 calendar days of the occurrence of the cyber security incident. Licensees must include all relevant details in the report, including the full root cause analysis of the cyber security incident, its impact on the business operations and customers, and all measures taken by the licensee to stop the attack, mitigate its impact, and ensure that similar events do not recur. In addition, a weekly progress update must be submitted to CBB until the incident is fully resolved.
Related Links
- Notification on Amended Requirements for Conventional Banks
- Module OM for Conventional Banks (PDF)
- Notification on Amended Requirements for Islamic Banks
- Module OM for Islamic Banks (PDF)
Keywords: Middle East and Africa, Bahrain, Banking, Basel, Regtech, Cyber Security, Incident Reporting, Cyber Risk, CBB Rulebook, Islamic Banking, Operational Risk, Module OM, CBB
Featured Experts
María Cañamero
Skilled market researcher; growth strategist; successful go-to-market campaign developer
Nicolas Degruson
Works with financial institutions, regulatory experts, business analysts, product managers, and software engineers to drive regulatory solutions across the globe.
Patrycja Oleksza
Applies proficiency and knowledge to regulatory capital and reporting analysis and coordinates business and product strategies in the banking technology area
Next Article
ECB Issues Opinion on Proposed Amendments to CRRRelated Articles
ESAs Issue Multiple Regulatory Updates for Financial Sector Entities
The three European Supervisory Authorities (ESAs) issued a letter to inform about delay in the Sustainable Finance Disclosure Regulation (SFDR) mandate, along with a Call for Evidence on greenwashing practices.
ISSB Makes Announcements at COP27; IASB to Propose IFRS 9 Amendments
The International Sustainability Standards Board (ISSB) of the IFRS Foundations made several announcements at COP27 and with respect to its work on the sustainability standards.
IOSCO Prioritizes Green Disclosures, Greenwashing, and Carbon Markets
The International Organization for Securities Commissions (IOSCO), at COP27, outlined the regulatory priorities for sustainability disclosures, mitigation of greenwashing, and promotion of integrity in carbon markets.
EBA Finalizes Methodology for Stress Tests, Issues Other Updates
The European Banking Authority (EBA) issued a statement in the context of COP27, clarified the operationalization of intermediate EU parent undertakings (IPUs) of third-country groups
OSFI Sets Out Work Priorities and Reporting Updates for Banks
The Office of the Superintendent of Financial Institutions (OSFI) published an annual report on its activities, a report on forward-looking work.
APRA Finalizes Changes to Capital Framework, Issues Other Updates
The Australian Prudential Regulation Authority (APRA) finalized amendments to the capital framework, announced a review of the prudential framework for groups.
BIS Hub and Central Banks Conduct CBDC and DeFI Pilots
The Bank for International Settlements (BIS) Innovation Hubs and several central banks are working together on various central bank digital currency (CBDC) pilots.
ECB Sets Deadline for Banks to Meet Its Climate Risk Expectations
The European Central Bank (ECB) published the results of its thematic review, which shows that banks are still far from adequately managing climate and environmental risks.
ESAs, ECB, & EC Issue Multiple Regulatory Updates for Financial Sector
Among its recent publications, the European Banking Authority (EBA) published the final standards and guidelines on interest rate risk arising from non-trading book activities (IRRBB)
EC Adopts Final Rules Under CRR, BRRD, and Crowdfunding Regulation
The European Commission (EC) recently adopted regulations with respect to the calculation of own funds requirements for market risk, the prudential treatment of global systemically important institutions (G-SIIs)
