The latest resilience news from around the world

ECB publishes cyber resilience oversight expectations

The European Central Bank (ECB) has published information about its final cyber resilience oversight expectations for financial market infrastructures (FMIs). Cyber resilience is an important aspect of FMIs’ operational resilience says the ECB ; and is therefore also a factor affecting the overall resilience of the financial system and the broader economy.

The cyber resilience oversight expectations are based on the global guidance on cyber resilience for financial market infrastructures. This guidance was published by the Committee on Payments and Market Infrastructures and the Board of the International Organisation of Securities Commissions (CPMI-IOSCO) in June 2016.

The cyber resilience oversight expectations serve three key purposes:

1. it provides FMIs with detailed steps on how to operationalise the guidance, ensuring they are able to foster improvements and enhance their cyber resilience over a sustained period of time;

2. it provides overseers with clear expectations to assess FMIs under their responsibility; and

3. it provides the basis for a meaningful discussion between the FMIs and their respective overseers.

The ECB received responses from 20 entities to a consultation on the cyber resilience oversight expectations. Comments mostly focused on four aspects:

  • The level of prescriptiveness of the expectations;
  • The three levels of cyber maturity and how these correspond to other international cybersecurity frameworks which also have maturity models;
  • The process for oversight assessments against the cyber resilience oversight expectations; and
  • The need for harmonisation across different jurisdictions and amongst regulators, to reduce the fragmentation of regulatory expectations and facilitate oversight convergence.

Read the Cyber resilience oversight expectations for financial market infrastructures document (PDF).



Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.