European Supervisory Authorities (ESAs) publish advice on information & communication technology risk management & cybersecurity
The Joint Committee of the European Supervisory Authorities (ESAs) has published two pieces of joint advice in response to requests made by the European Commission in its March 2018 FinTech Action Plan
Joint Advice on the need for legislation improvements relating to Information and Communication Technology risk management requirements in the EU financial sector:
- Section 1.1 sets out analysis of the existing legislative requirements regarding information and communication technology (ICT) governance and security in the different sectors within the ESAs’ remit
- Following this, detailed proposals based on this analysis are in sections 2.1 and 2.2. It is worth nothing that in carrying out their analysis of existing ICT governance and security measures, the ESAs identified two related areas that may benefit from further action at EU level – ICT incident reporting and an appropriate oversight framework for monitoring critical service providers to the extent that their activities may impact relevant entities
Joint Advice on the costs and benefits of a coherent cyber resilience testing framework for significant markets participants and infrastructure within the EU financial sector:
- In the short term the ESAs advise to focus on achieving a minimum level of cyber-resilience across the sectors, proportionate to the needs and characteristics of the relevant entities. Furthermore, the ESAs propose to establish on a voluntary basis an EU wide coherent testing framework together with other relevant authorities taking into account existing initiatives, and with a focus on threat lead penetration testing
- In the long term, the ESAs aim to ensure a sufficient cyber maturity level of identified cross-sector entities.
The ESAs note that more work is needed by the ESAs together with other securities and experts to address specific practical and policy implementations questions.
Further information:
To read more, please follow this link:
https://bit.ly/2IzSLNp
Contact us here
Other articles
FCA Report on Cyber and Technology Resilience
FCA publishes wholesale banks and asset management cyber multi-firm review findings
Please Note: This publication is not intended to be a comprehensive review of all developments in the law and practice, or to cover all aspects of those referred to. Readers should take legal advice before applying the information contained in this publication to specific issues or transactions.
European Supervisory Authorities (ESAs) publish advice on information & communication technology risk management & cybersecurity
