Central Bank of Ireland clarifies expectations of firms in relation to cyber risks

Maria Nikolova

Deputy Governor, Prudential Regulation, Ed Sibley highlights the need for firms to build resilience and to be able to recover from technology-related risks.

Cybersecurity matters remain high on the agenda of financial regulators across the globe. This was highlighted earlier today in a speech delivered by Ed Sibley – Deputy Governor, Prudential Regulation, at the Central Bank of Ireland. Mr Sibley spoke about the need for financial firms to build resilience into their systems to meet the challenges that technological innovation and competition pose.

Mr Sibley recalled that, in 2016, the Central Bank issued the Cross Industry Guidance in respect of IT and Cybersecurity Risks, which outlined the minimum expectations of firms in relation to these risks. He stressed that much more needs to be done to meet these expectations.

“Cyber-security needs to become part of the culture of an organisation and an integral part of the organisation’s risk management, crisis management, and business continuity planning”, Mr Sibley said.

Senior management and boards of financial services firms need to control these critical risks and build resilience in their firms to be able to endure and survive operational or technology-related shocks, be they systems failures, change processes gone wrong, or a data breach.

The Central Bank has seen a lot of progress in the area of IT risk management and resilience, but there is a huge amount of work still to be done. Almost three quarters of the Central Bank's findings from on-site inspections relate to four key areas: IT risk management, IT security, IT outsourcing, and IT continuity management. Thus, firms can expect to see a continued focus by the Central Bank on these fundamentals and on firms' resilience capabilities.

Mr Sibley noted that the management of financial services providers must take responsibility for adequately tackling cyber threats. According to him, the overall responsibility for resilience rests with the board and senior management. However, the Central Bank has found failings by boards and senior management in understanding and appreciating the significance of the IT and operational risks their firms face.

“We have seen evidence of risks and messages being diluted as they are filtered up through the organisation such that they are so high-level once they get to senior levels that they lose their meaning or impact”, Mr Sibley said.

Mr Sibley said he expects boards to:

  • understand how disruptions of key business services could impact their customers and their value chain;
  • ensure operational and cyber resilience strategies are fit for purpose;
  • and oversee risk tolerances and appetite metrics to track, measure and trigger a response to disruptive events.

In addition, he expects boards to ensure that their firms have the resilience to withstand future shocks, absorb the impacts of the shock, communicate effectively with stakeholders throughout, and ultimately recover from the incident and use the learnings to further improve their future resilience.
