European Supervisory Authorities (ESAs) publish advice on information & communication technology risk management & cybersecurity

The Joint Committee of the European Supervisory Authorities (ESAs) has published two pieces of joint advice in response to requests made by the European Commission in its March 2018 FinTech Action Plan.

Joint Advice on the need for legislation improvements relating to Information and Communication Technology risk management requirements in the EU financial sector:

  • Section 1.1 sets out analysis of the existing legislative requirements regarding information and communication technology (ICT) governance and security in the different sectors within the ESAs’ remit
  • Following this, detailed proposals based on this analysis are in sections 2.1 and 2.2. It is worth noting that in carrying out their analysis of existing ICT governance and security measures, the ESAs identified two related areas that may benefit from further action at EU level – ICT incident reporting and an appropriate oversight framework for monitoring critical service providers to the extent that their activities may impact relevant entities


Joint Advice on the costs and benefits of a coherent cyber resilience testing framework for significant market participants and infrastructure within the EU financial sector:

  • In the short term, the ESAs advise focusing on achieving a minimum level of cyber-resilience across the sectors, proportionate to the needs and characteristics of the relevant entities. Furthermore, the ESAs propose to establish, on a voluntary basis, an EU-wide coherent testing framework together with other relevant authorities, taking into account existing initiatives, and with a focus on threat-led penetration testing
  • In the long term, the ESAs aim to ensure a sufficient cyber maturity level of identified cross-sector entities.
    The ESAs note that more work is needed by the ESAs together with other securities and experts to address specific practical and policy implementation questions.

 

Further information:
To read more, please follow this link:
https://bit.ly/2IzSLNp


Please Note: This publication is not intended to be a comprehensive review of all developments in the law and practice, or to cover all aspects of those referred to. Readers should take legal advice before applying the information contained in this publication to specific issues or transactions.


Melissa Lewis

Digital Operations Manager at Met Facilities LLP