Wednesday, June 29, 2016 4:08 PM / ISCO/MR/17/2016
The Committee on Payments and Market Infrastructures (CPMI)1 and the Board of the International Organization of Securities Commissions (IOSCO)2 today released the final report Guidance on cyber resilience for financial market infrastructures (“Cyber Guidance”).3
This Cyber Guidance is the first internationally agreed guidance on cyber security for the financial industry. It has been developed against the backdrop of a rising number of cyber-attacks against the financial sector and in a context where attacks are becoming increasingly sophisticated.
“This is a landmark report for the financial industry. FMIs have come to the fore as financial sector hubs at a time when cyber resilience is a key priority for the financial industry. This is indeed a timely document, and FMIs should take action immediately to implement its recommendations,” said Benoît Cœuré, Chairman of the CPMI.
The aim of the Cyber Guidance is to add momentum to the industry’s ongoing efforts to enhance financial market infrastructures’ (FMIs’) ability to pre-empt cyber-attacks, respond rapidly and effectively to them, and achieve faster and safer target recovery objectives if the attacks succeed. Another goal is to ensure that these efforts to build resilience are similar from one country to another. Thus, the Cyber Guidance provides authorities with a set of internationally agreed guidelines to support consistent and effective oversight and supervision of FMIs in the area of cyber risk.
Ashley Alder, Chairman of IOSCO, said: “Implementation of the guidance represents an important step in strengthening the cyber resilience of FMIs and the ecosystem within which they operate.”
The safe and efficient operation of FMIs is essential to maintaining and promoting financial stability and economic growth. If not properly managed, FMIs can be a source of financial shocks, such as liquidity dislocations and credit losses, or a major channel through which these shocks are transmitted across domestic and international financial markets. In this context, the level of cyber resilience, which contributes to an FMI’s operational resilience, can be a decisive factor in the overall resilience of the financial system and the broader economy.
Key concepts built into the Cyber Guidance include the following:
Cyber resilience cannot be achieved by an FMI alone; it is a collective endeavour of the whole “ecosystem”.