
    FSB Sets Out Effective Practices for Cyber Incident Recovery

    October 19, 2020

    FSB finalized the toolkit of effective practices to assist financial institutions in their cyber incident response and recovery activities. The toolkit includes 49 practices for effective cyber incident response and recovery across seven components, which are governance, planning and preparation, analysis, mitigation, restoration and recovery, coordination and communication, and improvement. The final toolkit was delivered to G20 Finance Ministers and Central Bank Governors for their October meeting. FSB also published an overview of responses received to the consultation on this toolkit. The overview explains the main issues raised in the public consultation, along with the changes made to the final toolkit to address these issues.

    The toolkit presents effective practices that organizations have adopted while taking into account jurisdictions’ legislative, judicial, and regulatory frameworks, the size of the organization, the role of the organization in the financial ecosystem, and the extent to which stakeholders are affected by a cyber incident. The toolkit is designed as a resource and reference guide for effective practices. It uses common cyber taxonomies, in a manner aligned with industry standards, so that it is accessible to senior management, boards of directors, or other governance, compliance, risk, and legal professionals who interface with cybersecurity technical experts in the organization, the standard-setting bodies, or the authorities. While many of these effective practices are already in use by larger organizations, they could also be valuable for smaller and less complex organizations to help strengthen their cyber resilience. FSB points out that the COVID-19 pandemic highlighted the need for many organizations and authorities to consider adjustments to cyber risk management processes, cyber incident reporting, and cyber incident response and recovery activities, as well as to the management of critical third-party service providers (for example, cloud services) and relevant stakeholders. Effective preparation and testing of incident response and recovery plans, particularly business continuity planning, facilitated organizations’ transition to remote work and operations. Furthermore, effective communication across the supply chain, including through intra-group entities and third-party service providers, is often highlighted as a key challenge.

    The draft toolkit of effective practices was published for public consultation in April 2020. In developing the consultative document, FSB conducted a stocktake of publicly released guidance from national authorities, international organizations, and other external stakeholders; reviewed existing standards and case studies on past cyber incidents; and engaged with external stakeholders at workshops and bilateral meetings. FSB also drew on insights from national authorities based on their supervisory work. The public consultation period ended on July 20, 2020, and 58 responses were received from a wide range of external stakeholders, including banks, insurers, financial market intermediaries, industry associations, IT service providers, and public authorities. Drawing on the feedback from the public consultation, FSB made two main changes: first, it further clarified the proportionate and risk-based nature of the toolkit to improve its usability; second, it better aligned the toolkit with industry practices and international standards.

     

    Keywords: International, Banking, Insurance, Securities, Cyber Risk, Governance, Cyber Incident, Responses and Recovery, Toolkit, Operational Risk, COVID-19, Cloud Computing, Third-Party Arrangements, FSB
