ECB publishes the cyber resilience oversight expectations
03 December 2018
The ECB publishes the final cyber resilience oversight expectations for financial market infrastructures (FMIs). Cyber resilience is an important aspect of FMIs’ operational resilience and is thus also a factor affecting the overall resilience of the financial system and the broader economy.
The cyber resilience oversight expectations are based on the global guidance on cyber resilience for financial market infrastructures. This guidance was published by the Committee on Payments and Market Infrastructures and the Board of the International Organisation of Securities Commissions (CPMI-IOSCO) in June 2016.
The cyber resilience oversight expectations serve three key purposes:
-
it provides FMIs with detailed steps on how to operationalise the guidance, ensuring they are able to foster improvements and enhance their cyber resilience over a sustained period of time;
-
it provides overseers with clear expectations to assess FMIs under their responsibility; and
-
it provides the basis for a meaningful discussion between the FMIs and their respective overseers.
The ECB received responses from 20 entities, including FMIs, banks, banking communities and associations. The ECB wishes to thank all respondents for their valuable feedback, questions and proposals for amendments.
Comments in the public consultation mostly focused on four aspects:
-
The level of prescriptiveness of the expectations;
-
The three levels of cyber maturity and how these correspond to other international cybersecurity frameworks which also have maturity models;
-
The process for oversight assessments against the cyber resilience oversight expectations; and
-
The need for harmonisation across different jurisdictions and amongst regulators, to reduce the fragmentation of regulatory expectations and facilitate oversight convergence.
The document “Response to the public consultation on the cyber resilience oversight expectations” presents a high-level overview of the comments received and summarises the main amendments to the cyber resilience oversight expectations.
Press release
Cyber resilience oversight expectations
Response to the public consultation
© ECB - European Central Bank
