On 17 October 2022, the Financial Stability Board (FSB) published a consultative document on Achieving Greater Convergence in Cyber Incident Reporting (CIR) and invited feedback on it. The FSB had already published a report on CIR in 2021. That report set out three ways the FSB would take work forward to achieve greater convergence in cyber incident reporting: developing best practices, creating common terminologies for CIR, and identifying common types of information to be shared across jurisdictions and sectors.
To inform its work, the FSB conducted a survey among its members to identify the most common reporting objectives and types of reporting performed; understand the practical issues financial authorities and financial institutions have in collecting or using incident information; identify the information items authorities collect to meet the common reporting objectives, including a review of existing incident reporting templates; and explore the mechanisms for financial authorities to share incident information across borders and sectors.
Drawing on the survey findings, the FSB has set out recommendations to address impediments to achieving greater convergence in CIR, with a view to promoting better practices. This work also helped to inform refinements to the Cyber Lexicon, which resulted in the addition of four terms and the revision of three definitions. The FSB also reviewed financial authorities’ incident reporting templates and identified commonalities in the information collected. Building on this work, the FSB presented a concept for a format for incident reporting exchange (FIRE) to promote convergence, address operational challenges arising from reporting to multiple authorities and foster better communication.
In response to this initiative, WSBI-ESBG replied to the call for feedback on the consultative document on cyber incident reporting, calling in particular for a harmonised reporting approach across different regulatory bodies, processes, and data requests. To promote greater convergence in CIR, financial authorities could offer tools and platforms that minimise operational issues in the reporting of incidents.
Finally, members underlined the importance of having clear definitions to avoid confusion and to differentiate between the term ‘cyber incident’ and its subcategory ‘cybersecurity incident’.