Committee on Payments and Market Infrastructures

ECB Consults on Cyber Resilience Oversight Expectations for FMIs

 

The European Central Bank (“ECB“) published for consultation a draft version of the cyber resilience oversight expectations (“CROE“) for financial market infrastructures (“FMIs“) on April 10, 2018.

The CROE are based on guidance on cyber resilience for FMIs that was published by the Committee on Payments and Market Infrastructures (“CPMI“) and the International Organization of Securities Commissions (“IOSCO“) in June 2016. The 2016 guidance was immediately applicable and the CROE form part of the oversight of the guidance, setting out assessment criteria for supervisors to use.

The CROE also provides FMIs in the euro area with steps on how to implement the guidance and enhance their cyber resilience.

In line with the guidance, the CROE covers five primary risk management categories:

(i).   Governance.

(ii).  Identification.

(iii). Protection.

(iv). Detection.

(v).  Response and recovery.

It also covers three overarching components which relate to testing, situational awareness, and learning and evolving.

The CROE use a maturity model that provides supervisors and FMIs with a benchmark against which they can evaluate FMIs’ current level of cyber resilience, measure progression and establish priority areas for improvement.

The webpage for the consultation invites FMIs and other interested parties to provide their input on the draft CROE. The deadline for responses is June 5, 2018.

The ECB provided an overview of the Eurosystem cyber resilience strategy for FMIs in a speech in November 2017.

IOSCO Publishes Consultation Paper on Risk Mitigation Standards for Non-Centrally Cleared OTC Derivatives

On September 17, the IOSCO published a consultation paper on risk mitigation standards for non-centrally cleared OTC derivatives (CR06/2014).

The standards have been developed in consultation with the Basel Committee on Banking Supervision and the Committee on Payments and Market Infrastructures and propose nine standards whose objectives are to increase financial stability, facilitate the management of counterparty credit and other risks and promote legal certainty.

Comments are invited before the closing of the consultation on October 17.  Consultation.