Cybersecurity

The ESAs Published a Joint Committee Report on Cross-Sector Risks Facing EU Financial System

 

On April 20, 2017, the Joint Committee of the European Supervisory Authorities (the “ESAs“) published its April 2017 report on risks and vulnerabilities in the EU financial system.

The ESA highlights the following main risks to the financial system:

The banking sector is being affected by high levels of non-performing loans (“NPLs“), high litigation costs, overcapacity and lack of focus in strategies to return to sustained profitability. Addressing low profitability challenges includes increasing supervisory action, making progress in structural reforms and improving the efficiency of secondary markets. Insurers face substantial challenges arising from prolonged low interest rates, and the fund industry’s rates of returns are subdued and remain mostly negative.

Increased asset price volatility and liquidity concerns have heightened risks relating to adequate valuation of asset prices. This has been exacerbated by political uncertainties.

Interconnectedness adds to financial sector risks. This includes concentration risk caused by highly correlated equity price movements for insurers and banks and high exposures of EU insurers to EU banks. Interconnectedness with the wider financial system is also increasing.

Cyber risk appears as a major risk and is on the rise. Currently, denial-of-service attacks, data theft or manipulation, malicious software, misinformation and false identification are the most relevant forms. Operational risks related to ICT risks also appear to be on the rise across the financial sector. The ESAs are responding to cyber and IT-related risks by, for example, drafting guidelines on ICT risk assessment for supervisors, assessing cybersecurity capabilities of central counterparties and assessing the potential accumulation of risk for insurers deriving from newly developed cybersecurity coverages.

Agencies Issue Advanced Notice of Proposed Rulemaking on Enhanced Cyber Risk Management Standards

 

On October 19, 2016, the Federal Reserve Board, the Federal Deposit Insurance Corporation, and the Office of the Comptroller of the Currency announced proposed rules relating to cybersecurity and risk management concerns that would apply to larger institutions under their purview. FDIC Press Release. Federal Reserve Press Release. OCC Press Release.

U.S. Treasury Department Issues White Paper on Online Marketplace Lending Industry

On May 10, 2016, the Department of the Treasury issued a white paper on online marketplace lending that maps the current market landscape, reviews industry insights and offers policy proposals for the road ahead.  Based on approximately 100 responses from online marketplace lenders, financial institutions, investors and other key industry figures, the Treasury, in consultation with the CFPB, FDIC, Federal Reserve Board, FTC, OCC, SBA and SEC, made several notable recommendations and observations.

The white paper explores policies that would expand regulatory oversight, including standardized representations and warranties in securitizations, pricing methodology standards, the implementation of a registry for tracking data on transactions and the reporting of loan-level performance, among others.  In addition, the Treasury mentions potential cybersecurity threats, anti-money laundering, the uneven protections and regulations in place for small business borrowers and the growth of the mortgage and auto loan markets as some of the emerging trends to monitor.  The Treasury is also considering the role of federal agencies in regulating these areas, including the formation of an interagency working group for online market place lending.  Press ReleaseWhite Paper.

SEC Staff Issues Update Guidance Regarding Cybersecurity

Recently, the Staff of the Division of Investment Management of the Securities and Exchange Commission (the “Staff”) issued updated Guidance that highlights the importance of cybersecurity of registered investment funds and registered investment advisers.  The Guidance discusses a number of measures that funds and advisers may wish to consider when addressing cybersecurity risks.  In particular, the Staff identified a number of measures that funds and advisers may with to consider in addressing cybersecurity risk.  It further advised that funds and advisers should identify their respective compliance obligations when assessing their ability to prevent, detect and respond to cyber attacks.  Fund managers and advisers should anticipate that cybersecurity will be a focal point of the Staff’s examination program.  Guidance Update.