The Basel Committee on Banking Supervision (BCBS) met in September 2021 and reviewed climate-related financial risks, discussed the impact of digitalization, and welcomed efforts by the International Financial Reporting Standards (IFRS) Foundation to develop a common set of sustainability reporting standards and establish an International Sustainability Standards Board, or ISSB. BCBS also published a newsletter calling on banks to improve their resilience to cyber threats. Following the publication of a series of analytical reports on climate-related financial risks in April 2021, BCBS is assessing the extent to which the Basel framework adequately mitigates such risks. As part of this work, it is developing a set of related supervisory practices, which it plans to consult on later this year. It will also consider whether any additional disclosure, supervisory, and/or regulatory measures are needed.
In the newsletter on cyber security, BCBS notes that it is important for all banking authorities to encourage the institutions they oversee to adopt tools, effective practices, and frameworks, including provisions for testing their efficacy, for cyber risk management that are aligned with widely accepted industry standards. Adopting such approaches will allow banks to better identify, assess, manage, and mitigate their exposures to cyber risks, including those arising from third-party service providers. This will foster greater resilience to cyber threats and incidents in furtherance of the Principles for the Sound Management of Operational Risk (PSMOR) and the Principles for Operational Resilience (POR), which the BCBS published in March 2021. BCBS, in general, does not endorse any particular tool, effective practice, or framework, but welcomes the adoption by banks of those in use globally that align with widely accepted industry standards. The commonality of content and form across these standards demonstrates the global consensus that now exists on key cyber security principles. Available tools, effective practices, and frameworks aligned with industry standards include the National Institute of Standards and Technology (NIST) Cybersecurity Framework, the International Organization for Standardization (ISO) 2700x, and the Center for Internet Security Critical Security Controls. In addition, supervisors may wish to encourage their banks to use resources such as the FSB's Cyber Incident Response and Recovery toolkit and its cyber lexicon. Many of these tools, effective practices, and frameworks are publicly and freely available to banks.
Keywords: International, Banking, Newsletter, Fintech, Climate Change Risk, ESG, ISSB, IFRS, Operational Resilience, Operational Risk, Cyber Risk, Regtech, Reporting, Disclosures, Basel, BCBS
The European Banking Authority (EBA) published the final draft regulatory technical standards specifying the criteria to identify shadow banking entities for the purposes of reporting large exposures.
The European Commission (EC) published the Delegated Regulation 2022/786 with regard to the liquidity coverage requirements for credit institutions under the Capital Requirements Regulation (CRR).
The Office of the Superintendent of Financial Institutions (OSFI) published the strategic plan for 2022-2025 and the departmental plan for 2022-23.
The European Banking Authority (EBA) is consulting, until August 31, 2022, on the draft implementing technical standards specifying requirements for the information that sellers of non-performing loans (NPLs) shall provide to prospective buyers.
The European Council and the Parliament reached an agreement on the revised Directive on security of network and information systems (NIS2 Directive).
The European Banking Authority (EBA) published the final draft regulatory technical standards specifying information that crowdfunding service providers shall provide to investors on the calculation of credit scores and prices of crowdfunding offers.
The European Council published a draft Commission Delegated Regulation to amend the regulatory technical standards on specification of the calculation of specific and general credit risk adjustments.
The European Securities and Markets Authority (ESMA) published a paper that examines the systemic risk posed by the increasing use of cloud services, along with the potential policy options to mitigate this risk.
The Monetary Authority of Singapore (MAS) published amendments to Notice 635, which sets out requirements that a bank in Singapore has to comply with when granting an unsecured non-card credit facility to individuals.
The European Commission (EC) published a public consultation on the review of the revised Payment Services Directive (PSD2) and open finance.