Featured Product

    BoE Releases Findings of Cyber Simulation Exercise in Financial Sector

    September 27, 2019

    BoE published a report on the high-level findings of cyber simulation exercise in the financial sector. The exercise, which took place on November 09, 2018, explored the resilience of financial sector to a major cyber incident impacting the UK. The exercise was commissioned by the Cross Market Operational Resilience Group jointly chaired by BoE and UK Finance. The exercise demonstrated that recommendations from the last sector exercise have been implemented and identified further opportunities for improvement.

    The exercise also successfully rehearsed work of the Cross Market Business Continuity Group, an executive-level group chaired by BoE to enable financial authorities (BoE, PRA, FCA, and HM Treasury) to interact with the sector during times of major operational disruption. Along with the financial authorities, participants included 29 of the most systemically important firms and Financial Market Infrastructures. Participants responded to a severe but plausible cyber-attack scenario targeting the sector. The following are the key findings and recommendations of the exercise:

    • Opportunities to improve the way firms coordinate at an operational level during incidents that impact the sector. To address the improvements, a review of the sector response framework will be undertaken to ensure that the sector can communicate and co-ordinate at an operational level during a crisis. In addition the Finance Sector Cyber Collaboration Center (FSCCC) will also be integrated into the response framework to ensure that the technical coordination capability it provides is incorporated into the broader response landscape.
    • Disparity in risk tolerance for suspending services could impact the functioning of the financial sector. In the case of system integrity issues, participant decision making and risk appetite for suspending services varied significantly. The future work will focus on the production of industry guidelines and good practice for managing potential controlled suspension of services and system integrity risks.
    • Recovery of services is impacted by differences in the way data is stored across the financial sector. The exercise found that the ability of participants to support another operationally paralyzed bank is constrained by the different ways in which data is stored. This restricts how contingencies could be used for the benefit of the sector as a whole. To improve response capability, work will be completed to scope the technical and data requirements for providing services via alternative channels. This will be followed by a strategy paper and playbook to support coordination of this contingency during a live incident.
    • Effective and consistent communications are key to maintaining customer and market confidence. The exercise recognized the importance of effective communications in maintaining customer and market confidence in the system. It demonstrated that use of UK Finance’s incident management communications framework and coordination has significantly improved collective communications, with public lines developed in under an hour. To improve consistency and clarity of often complex technical messaging, future work will focus on the production of industry guidelines on good incident communications practices and consistent definition and use of terminology.

    The financial authorities, in partnership with financial sector firms, will act on the recommendations resulting from this exercise and will work to deliver improvements to the resilience and response capability of the financial sector. Delivery against these recommendations has already been initiated and is planned to continue into 2020.


    Related Links 

    Keywords: Europe, UK, Banking, Cyber Risk, Operational Risk, Cyber Simulation Exercise, Cyber Resilience, UK Finance, BoE

    Related Articles

    EBA Finalizes Templates for One-Off Climate Risk Scenario Analysis

    The European Banking Authority (EBA) has published the final templates, and the associated guidance, for collecting climate-related data for the one-off Fit-for-55 climate risk scenario analysis.

    November 28, 2023 WebPage Regulatory News

    EBA Mulls Inclusion of Environmental & Social Risks to Pillar 1 Rules

    The European Banking Authority (EBA) recently published a report that recommends enhancements to the Pillar 1 framework, under the prudential rules, to capture environmental and social risks.

    October 31, 2023 WebPage Regulatory News

    BCBS Consults on Disclosure of Crypto-Asset Exposures of Banks

    As a follow on from its prudential standard on the treatment of crypto-asset exposures, the Basel Committee on Banking Supervision (BCBS) proposed disclosure requirements for crypto-asset exposures of banks.

    October 19, 2023 WebPage Regulatory News

    BCBS and EBA Publish Results of Basel III Monitoring Exercise

    The Basel Committee on Banking Supervision (BCBS) and the European Banking Authority (EBA) have published results of the Basel III monitoring exercise.

    October 18, 2023 WebPage Regulatory News

    PRA Updates Timeline for Final Basel III Rules, Issues Other Updates

    The Prudential Regulation Authority (PRA) recently issued a few regulatory updates for banks, with the updated Basel implementation timelines being the key among them.

    October 18, 2023 WebPage Regulatory News

    US Treasury Sets Out Principles for Net-Zero Financing

    The U.S. Department of the Treasury has recently set out the principles for net-zero financing and investment.

    October 17, 2023 WebPage Regulatory News

    EC Launches Survey on G7 Principles on Generative AI

    The European Commission (EC) launched a stakeholder survey on the draft International Guiding Principles for organizations developing advanced artificial intelligence (AI) systems.

    October 14, 2023 WebPage Regulatory News

    ISSB Sustainability Standards Expected to Become Global Baseline

    The finalization of the two sustainability disclosure standards—IFRS S1 and IFRS S2—is expected to be a significant step forward in the harmonization of sustainability disclosures worldwide.

    September 18, 2023 WebPage Regulatory News

    IOSCO, BIS, and FSB to Intensify Focus on Decentralized Finance

    Decentralized finance (DeFi) is expected to increase in prominence, finding traction in use cases such as lending, trading, and investing, without the intermediation of traditional financial institutions.

    September 18, 2023 WebPage Regulatory News

    BCBS Assesses NSFR and Large Exposures Rules in US

    The Basel Committee on Banking Supervision (BCBS) published reports that assessed the overall implementation of the net stable funding ratio (NSFR) and the large exposures rules in the U.S.

    September 14, 2023 WebPage Regulatory News
    RESULTS 1 - 10 OF 8938