ECB publishes cyber resilience oversight expectations
- Published: Tuesday, 04 December 2018 08:19
The European Central Bank (ECB) has published information about its final cyber resilience oversight expectations for financial market infrastructures (FMIs). Cyber resilience is an important aspect of FMIs’ operational resilience, says the ECB, and is therefore also a factor affecting the overall resilience of the financial system and the broader economy.
The cyber resilience oversight expectations are based on the global guidance on cyber resilience for financial market infrastructures. This guidance was published by the Committee on Payments and Market Infrastructures and the Board of the International Organisation of Securities Commissions (CPMI-IOSCO) in June 2016.
The cyber resilience oversight expectations serve three key purposes:
1. they provide FMIs with detailed steps on how to operationalise the guidance, ensuring that FMIs are able to foster improvements and enhance their cyber resilience over a sustained period of time;
2. they provide overseers with clear expectations to assess FMIs under their responsibility; and
3. they provide the basis for a meaningful discussion between the FMIs and their respective overseers.
The ECB received responses from 20 entities to a consultation on the cyber resilience oversight expectations. Comments mostly focused on four aspects:
- The level of prescriptiveness of the expectations;
- The three levels of cyber maturity and how these correspond to other international cybersecurity frameworks which also have maturity models;
- The process for oversight assessments against the cyber resilience oversight expectations; and
- The need for harmonisation across different jurisdictions and amongst regulators, to reduce the fragmentation of regulatory expectations and facilitate oversight convergence.