Regulatory approaches to enhance banks’ cyber-security frameworks

“Recent high-profile cyber-attacks on financial institutions have focused attention on the need to strengthen cyber-security. Banks have the most public-facing products and services, and are thus significantly vulnerable to potential cyber-attacks. Consequently, cyber-risk is a major concern for most bank supervisors.

However, only a handful of jurisdictions have specific regulatory and supervisory initiatives that seek to address banks’ cyber-risk; these notably include Hong Kong SAR, Singapore, the United Kingdom and the United States. This paper therefore analyses the regulatory and supervisory frameworks for banks’ cyber-risk in these jurisdictions. It notes that, while there may be different views on the need to specifically regulate cyber-risk or how prescriptive these regulations should be, some common regulatory requirements are now emerging. Moreover, the supervisory approaches to assessing banks’ cyber-risk vulnerability and resilience seem to be converging towards a “threat-informed” or “intelligence-led” framework.

The paper also offers some high-level policy considerations, which may be helpful for banking supervisory authorities contemplating or planning to introduce or enhance cyber-risk regulation and supervision for banks.”


Source: BIS

About Kilian Cuche

Student in information science. Passionate about new technologies, current affairs and politics.