On Tuesday, the International Organization of Securities Commissions (IOSCO) and the Committee on Payments and Market Infrastructures (CPMI) released proposed new guidance on cyber resilience for organizations that make up the financial market infrastructure (FMIs), calling on the FMIs to ensure they have robust cyber defences and recovery plans in place.
Given their critical role in ensuring the stability of the financial system, the cyber risks that FMIs face are top priorities for financial services sector leaders and authorities, the regulators say.
The guidance “aims to add momentum to, and instil international consistency in, the industry’s ongoing efforts to enhance FMIs’ ability to pre-empt cyber attacks, respond rapidly and effectively to them and achieve faster and safer target recovery objectives if they succeed.”
Among other things, the new guidance stresses that board and senior management attention is critical to a successful cyber resilience strategy; that cyber resilience requires continuous improvement and should be approached as a collective endeavour; and that the ability to resume operations quickly and safely after a successful cyber attack is “paramount.”
The proposed guidance sets out the steps that FMIs should undertake to enhance their cyber resilience capabilities and it provides regulators with a set of internationally agreed guidelines to support consistent and effective oversight and supervision of FMIs in the area of cyber risk.
“This is an important report because cyber attacks in the financial [services] sector have the potential to create widespread financial instability,” says Benoît Cœuré, chairman of the CPMI, in a statement. “Nobody should assume they will be able to prevent cyber attacks in all circumstances. Therefore, the Cyber Guidance addresses the need for an FMI to resume its operations quickly and safely after an attack has occurred. This is not an easy task and may require innovative thinking that goes beyond the traditional approaches to operational resilience.”
Greg Medcraft, chairman of IOSCO, stresses that the proposed guidance “reflects an urgency to address the increasing risks that cyber threats pose to FMIs and financial stability, as well as the need for a co-ordinated approach.”
Adds Medcraft: “At the FMI level, too, cyber resilience cannot be achieved by individual institutions alone in our highly interconnected financial sector. The broader ‘ecosystem’ needs to work in unison. The guidance calls upon the ecosystem to do just that. We hope to collaborate with all stakeholders to meaningfully enhance the cyber resilience of our financial system as we refine these proposals and later implement them.”
Comments on the proposed guidance are due by Feb. 23, 2016.