Follow Us

Follow us on Twitter  Follow us on LinkedIn
 

29 June 2016

BIS: CPMI-IOSCO release guidance on cyber resilience for financial market infrastructures


Default: Change to:


This Cyber Guidance is the first internationally agreed guidance on cyber security for the financial industry. It has been developed against the backdrop of a rising number of cyber attacks against the financial sector and in a context where attacks are becoming increasingly sophisticated.


"This is a landmark report for the financial industry. FMIs have come to the fore as financial sector hubs at a time when cyber resilience is a key priority for the financial industry. This is indeed a timely document, and FMIs should take action immediately to implement its recommendations," said Benoît Cœuré, Chairman of the Committee on Payments and Market Infrastructures (CPMI).

The aim of the Cyber Guidance is to add momentum to the industry's ongoing efforts to enhance financial market infrastructures' (FMIs') ability to pre-empt cyber attacks, respond rapidly and effectively to them, and achieve faster and safer target recovery objectives if the attacks succeed. Another goal is to ensure that these efforts to build resilience are similar from one country to another. Thus, the Cyber Guidance provides authorities with a set of internationally agreed guidelines to support consistent and effective oversight and supervision of FMIs in the area of cyber risk.

Ashley Alder, Chairman of the International Organization of Securities Commissions (IOSCO), said: "Implementation of the guidance represents an important step in strengthening the cyber resilience of FMIs and the ecosystem within which they operate."

The safe and efficient operation of FMIs is essential to maintaining and promoting financial stability and economic growth. If not properly managed, FMIs can be a source of financial shocks, such as liquidity dislocations and credit losses, or a major channel through which these shocks are transmitted across domestic and international financial markets. In this context, the level of cyber resilience, which contributes to an FMI's operational resilience, can be a decisive factor in the overall resilience of the financial system and the broader economy.

Key concepts built into the Cyber Guidance include the following:

  • Sound cyber governance is key. Board and senior management attention is critical to a successful cyber resilience strategy.
  • The ability to resume operations quickly and safely after a successful cyber attack is paramount.
  • FMIs should make use of good-quality threat intelligence and rigorous testing.
  • FMIs should aim to instil a culture of cyber risk awareness and demonstrate ongoing re-evaluation and improvement of their cyber resilience at every level within the organisation.
  • Cyber resilience cannot be achieved by an FMI alone; it is a collective endeavour of the whole "ecosystem".

Press release

Full publication



© BIS - Bank for International Settlements


< Next Previous >
Key
 Hover over the blue highlighted text to view the acronym meaning
Hover over these icons for more information



Add new comment