Featured Product

    FSB Sets Out Effective Practices for Cyber Incident Recovery

    October 19, 2020

    FSB finalized the toolkit of effective practices to assist financial institutions in their cyber incident response and recovery activities. The toolkit includes 49 practices for effective cyber incident response and recovery across seven components, which are governance, planning and preparation, analysis, mitigation, restoration and recovery, coordination and communication, and improvement. The final toolkit was delivered to G20 Finance Ministers and Central Bank Governors for their October meeting. FSB also published an overview of responses received to the consultation on this toolkit. The overview explains the main issues raised in the public consultation, along with the changes made to the final toolkit to address these issues.

    The toolkit presents effective practices that organizations have adopted while taking into account jurisdictions’ legislative, judicial, and regulatory frameworks, the size of the organization, the role of the organization in the financial ecosystem, and the extent to which stakeholders are affected by a cyber incident. The toolkit is composed as a resource and reference guide for effective practices using common cyber-taxonomies in a manner aligned to industry standards accessible to senior management, board of directors, or other governance or compliance, risk, and legal professionals that interface with cybersecurity technical experts in the organization, the standard-setting bodies, or the authorities. While many of these effective practices are already in use by larger organizations, they could also be valuable for smaller and less complex organizations to help strengthen their cyber resilience. FSB points out that the COVID-19 pandemic highlighted the need for many organizations and authorities to consider adjustments to cyber risk management processes, cyber incident reporting, cyber incident response, and recovery activities as well as management of critical third-party service providers (for example, cloud services) and relevant stakeholders. Effective preparation and testing of incident response and recovery plans, particularly business continuity planning, facilitated organizations’ transition to remote work and operations. Furthermore, effective communication across the supply chain, including through intra-group entities and third-party service providers, is often highlighted as a key challenge.

    The draft toolkit of effective practices was published for public consultation in April 2020. In developing the consultative document, FSB conducted a stocktake of publicly released guidance from national authorities, international organizations and other external stakeholders; reviewed existing standards and case studies on past cyber incidents; and engaged with external stakeholders at workshops and bilateral meetings. FSB also drew on insights from national authorities based on their supervisory work. The public consultation period ended on July 20, 2020 and 58 responses were received from a wide range of external stakeholders, including banks, insurers, financial market intermediaries, industry associations, IT service providers, and public authorities. Drawing on the feedback from the public consultation, FSB further clarified the proportionate and risk-based nature of the toolkit to improve its usability. Second, the toolkit is better aligned with industry practices and international standards. 

     

    Related Links

    Keywords: International, Banking, Insurance, Securities, Cyber Risk, Governance, Cyber Incident, Responses and Recovery, Toolkit, Operational Risk, COVID-19, Cloud Computing, Third-Party Arrangements, FSB

    Related Articles
    News

    EBA Publishes Final Regulatory Standards on STS Securitizations

    The European Banking Authority (EBA) published the final draft regulatory technical standards specifying and, where relevant, calibrating the minimum performance-related triggers for simple.

    September 20, 2022 WebPage Regulatory News
    News

    ECB Further Reviews Costs and Benefits Associated with IReF

    The European Central Bank (ECB) is undertaking the integrated reporting framework (IReF) project to integrate statistical requirements for banks into a standardized reporting framework that would be applicable across the euro area and adopted by authorities in other EU member states.

    September 15, 2022 WebPage Regulatory News
    News

    BCBS to Finalize Crypto Rules by End-2022; US to Propose Basel 3 Rules

    The Basel Committee on Banking Supervision met, shortly after a gathering of the Group of Central Bank Governors and Heads of Supervision (GHOS), the oversight body of BCBS.

    September 15, 2022 WebPage Regulatory News
    News

    IOSCO Welcomes Work on Sustainability-Related Corporate Reporting

    The International Organization of Securities Commissions (IOSCO) welcomed the work of the international audit and assurance standard setters—the International Auditing and Assurance Standards Board (IAASB)

    September 15, 2022 WebPage Regulatory News
    News

    EBA Publishes Funding Plans Report, Receives EMAS Certification

    The European Banking Authority (EBA) has been awarded the top European Standard for its environmental performance under the European Eco-Management and Audit Scheme (EMAS).

    September 15, 2022 WebPage Regulatory News
    News

    MAS Launches SaaS Solution to Simplify Listed Entity ESG Disclosures

    The Monetary Authority of Singapore (MAS) set out the Financial Services Industry Transformation Map 2025 and, in collaboration with the SGX Group, launched ESGenome.

    September 15, 2022 WebPage Regulatory News
    News

    BoE Allows One-Day Delay in Statistical Data Submissions by Banks

    The Bank of England (BoE) published a Statistical Notice (2022/18), which informs that due to the Bank Holiday granted for Her Majesty Queen Elizabeth II’s State Funeral on Monday September 19, 2022.

    September 14, 2022 WebPage Regulatory News
    News

    ACPR Amends Reporting Module Timelines Under EBA Framework 3.2

    The French Prudential Control and Resolution Authority (ACPR) announced that the European Banking Authority (EBA) has updated its filing rules and the implementation dates for certain modules of the EBA reporting framework 3.2.

    September 14, 2022 WebPage Regulatory News
    News

    ECB Paper Discusses Disclosure of Climate Risks by Credit Agencies

    The European Central Bank (ECB) published a paper that examines how credit rating agencies accepted by the Eurosystem, as part of the Eurosystem Credit Assessment Framework (ECAF)

    September 13, 2022 WebPage Regulatory News
    News

    APRA to Modernize Prudential Architecture, Reduces Liquidity Facility

    The Australian Prudential Regulation Authority (APRA) announced reduction in the aggregate Committed Liquidity Facility (CLF) for authorized deposit-taking entities to ~USD 33 billion on September 01, 2022.

    September 12, 2022 WebPage Regulatory News
    RESULTS 1 - 10 OF 8514