Central Bank of Ireland clarifies expectations of firms in relation to cyber risks

Maria Nikolova

Deputy Governor, Prudential Regulation, Ed Sibley highlights the need for firms to build resilience and to be able to recover from technology-related risks.

Cybersecurity matters remain high on the agenda of financial regulators across the globe. This was highlighted earlier today in a speech delivered by Ed Sibley – Deputy Governor, Prudential Regulation, at the Central Bank of Ireland. Mr Sibley spoke about the need for financial firms to build resilience into their systems to meet the challenges that technological innovation and competition pose.

Mr Sibley reminded that, in 2016, the Central Bank issued the Cross Industry Guidance in respect of IT and Cybersecurity Risks, which outlined the minimum expectations of firms in relation to these risks. He stressed that much more needs to be done to meet these expectations.

“Cyber-security needs to become part of the culture of an organisation and an integral part of the organisation’s risk management, crisis management, and business continuity planning”, Mr Sibley said.

Senior management and boards of financial services firms need to control these critical risks and build resilience in their firms to be able to endure and survive operational or technology-related shocks, be they systems failures, change processes gone wrong, or a data breach.

The Central Bank has seen a lot of progress in the area of IT risk management and resilience, but there is huge amount of work still to be done. Almost three quarters of the central bank’s findings from on-site inspections relate to four key areas: IT risk management, IT security, IT outsourcing, and IT continuity management. Thus, firms can expect to see a continued focus by the Central Bank on these fundamentals and on firms’ resilience capabilities.

Mr Sibley noted that management of financial services providers has to assume responsibility with regard to the adequate tackling of cyber threats. According to him, the overall responsibility for resilience rests with the board and senior management. However, the central bank has found failings of boards and senior management to understand and appreciate the significance of the IT and operational risks their firms face.

“We have seen evidence of risks and messages being diluted as they are filtered up through the organisation such that they are so high-level once they get to senior levels that they lose their meaning or impact”, Mr Sibley said.

Mr Sibley said he expects boards to:

  • understand how disruptions of key business services could impact their customers and their value chain;
  • ensure operational and cyber resilience strategies are fit for purpose;
  • and oversee risk tolerances and appetite metrics to track, measure and trigger a response to disruptive events.

In addition, he expects that boards ensure that their firms have the resilience to withstand future shocks, absorb the impacts of the shock and communicate effectively to stakeholders throughout, and to ultimately recover from the incident and use the learnings to further improve their future resilience.

Read this next

Digital Assets

TRON approves Wintermute to mint, burn USDD stablecoin

TRON Reserve DAO has welcomed crypto market-making giant Wintermute as the ninth member and whitelisted institution to mint Tron network’s stablecoin, Decentralized USD (USDD).

Metaverse Gaming NFT

Nas Academy and Invisible College introduce innovative model for Web3 education

Singapore-based online learning platform, Nas Academy is joining forces with Invisible College to teach people everything they need to know about the Web3.

Digital Assets

Top exec at BitMEX pled guilty US Bank Act violations, pays $150K fine

BitMEX’s head of business development, Gregory Dwyer pled guilty to violating the US Bank Secrecy Act (BSA) and allowing customers to use the platform to circumvent the federal anti-money laundering rules.

Retail FX

CySEC slaps €150,000 fine on FXBFI, operator of 101investing brand

The Cyprus Securities and Exchange Commission (CySEC) today announced that it has reached a settlement with FXBFI Broker Financial Invest Ltd, trading as 101investing, ordering the firm to pay €150,000 for violating the Investment Services and Activities and Regulated Markets Law.

Retail FX

X Open Hub expands multi-asset offering with new cryptocurrencies and indices

X Open Hub, a multi-asset liquidity provider, announced today that it has extended its offering with inclusion of 30 new cryptocurrencies and two emerging market indices.

Retail FX

Interactive Brokers now offers 24/7 access to crypto trading

Interactive Brokers Group, Inc. (NASDAQ: IBKR) has widened access to cryptocurrency trading for its clients. Specifically, the discount broker extended trading hours for its cryptocurrency products to be traded 24/7, including on the weekends.

Inside View

Natural Language Generation for Multi-Language Social Media Strategies 

Natural Language Generation (NLG) is a crucial growth area in the digital landscape, with the unique potential to be used across multiple industries.

Market News, Technology

The B2Core Android App is Now Available For Download

The first version of the B2Core Android app is available for download, and it has many beneficial features for users.

Digital Assets

XBO taps custodian Fireblocks ahead of crypto exchange’s launch

XBO.com has integrated with digital asset and crypto technology platform Fireblocks ahead of the crypto exchange’s upcoming launch.

<