Europe’s financial supervisory authorities have advised against the introduction of a coherent cyber resilience testing framework for the continent’s market participants and infrastructures – at least in the short term, according to finextra.com.
The European Supervisory Authorities – the EBA, EIOPA and Esma – were asked by the European Commission to weigh in on the costs and benefits of such a framework as part of the EC Fintech Action Plan.
In their advice, the ESAs say that there are “clear benefits” to such a framework but there are “significant differences” across and within financial sectors when it comes to the maturity of cybersecurity, meaning that a one-size-fits-all approach is difficult in the short term.
Instead, the ESAs suggest focusing on a minimum level of cyber-resilience across sectors that is “proportionate to the needs and characteristics of the relevant entities”.
The advice does suggest a voluntary EU-wide testing framework, together with other relevant authorities taking into account existing initiatives.
The EC also asked the ESAs to provide advice on the need for legislative improvements relating to ICT risk management requirements.
Here, the advice calls for the streamlining of aspects of the incident reporting frameworks across the financial sector and also suggests a legislative approach to helping monitor the activities of critical third-party service providers.
While welcoming many aspects of the advice, Lorraine Johnston, regulatory counsel at law firm Ashurst, highlights one “glaring” omission: the lack of advice relating to board governance of ICT and cyber resilience.
Says Johnston: “Until ICT and cyber security sit squarely as a board level responsibility, some of these issues will remain to be seen as ‘IT helpdesk’ problems.”