News

SUBSCRIBE to our weekly e-mail (with live links) for just €5 per month
+++++++++++++++

ELEC Paper: Why EU Capital Markets Union has become a “must have” and how to get there -Feb 2024

My collected papers - 1989/1993: Market Discipline in EMU

Public Information

Expand

Graham Bishop Consultancy

Friends of GrahamBishop.com

Brussels 4 Breakfast

CPD / Education and Learning

Graham Bishop - Biography

Graham's Blogs

Graham's Media Activities

Graham's Speeches

Graham's Writing

Press Resources

Photographs

My `pro bono' work

How you can support this work

Why my `pro bono' work is relevant to markets

Technical Difficulties

Privacy Policy

Terms and Conditions

Tweets by @GrahamBishopcom

Follow @GrahamBishopcom

Article List:

ECIIA: Auditing Cybe...
BIS: Benoît Cœuré ap...
AFME publishes 14 in...
EFAMA: IIFA cybersec...
WSBI – ESBG: Cyberse...
BIS: Regulating fint...
BIS: The suptech gen...
>>EBF position on Cybe...
Insurance Europe: Ne...
European Parliament'...
VoxEU: The emergence...
The Economist: The r...
Financial Times: Tec...
VoxEU: Banking, FinT...
AFME: Artificial Int...

Home>Fin Tech Regulation

Print Page Save to My Library <Next Article Previous Article>

16 October 2019

EBF position on Cyber incident reporting

This document aims to address the fragmentation of the EU cyber incident reporting framework, resulting from the existence of several different incident reporting requirements across Europe, and to make proposals for regulators and policymakers for fostering information sharing and cooperation between Financial Institutions and Supervisory Authorities.

Depending on the type of incident, the reporting entity and the different legislations that apply, the current regulatory framework for incident reporting is characterised by:

Different taxonomies;

Different timelines, thresholds, information requirements and multiple templates for reporting;

Various actors involved, from both the sender and receiver sides;

Insufficient clarity in existing communication channels between public bodies and authorities (e.g. Europol, national law enforcement, national financial regulatory bodies, national CERTs).

These elements create additional regulatory and operational burdens that financial institutions have to abide by during or immediately after having suffered a cyber incident. They also prevent the creation of more centralised and uniform mechanisms that can speed up the reporting process and enable a smoother exchange of information and good practices. Due to the complex rules and reporting channels, existing different requirements result in coordination and compliance challenges.

In order to ensure that financial institutions are able to quickly and effectively report cyber incidents without at the same time sacrificing a proper incident management and recovery process, and very much in line with the ESAs Joint Advice on legislative improvements, the European Banking Federation (EBF) makes the following proposals for supervisors and regulators:

Establish a central reporting and coordination hub in each Member State;

Harmonise reporting thresholds and create a common taxonomy for cyber security incidents;

Foster public-private real-time collaboration between regulators, supervisors, law enforcement, financial institutions and other cross-sectoral infrastructure actors;

Further involve national CERTs in information sharing;

Introduce a regular bi-directional information flow between regulators/ supervisors and the industry.

Full position on EBF

© EBF

< Next Previous >

Key
Hover over the blue highlighted text to view the acronym meaning
Hover over these icons for more information

Comments:

No Comments for this Article

Add new comment

Show name and company details

Follow Us

News

Public Information

Article List:

16 October 2019

EBF position on Cyber incident reporting

© EBF

Key

Comments: