Russian c-bank outlines new requirements about reporting the consequences of cyber incidents

Maria Nikolova

The banks and payment services providers will have to provide information about the amount of money affected during cyber attacks and the amount returned to clients.

How secure is your brokerage against cyber attacks?

The Central Bank of Russia will change the reporting requirements for banks and operators of payment infrastructure, effective July 1, 2018. The new rules concern the reports about cyber incidents. The companies will have to submit more detailed information regarding the economic consequences of these incidents for the operators and their clients.

In particular, the operators will have to report to the central bank about the amounts of money that were targeted by hackers and the amounts of money that were actually stolen during a given period. The regulator will require the banks and operators to report the precise sum that they returned to their clients affected by a breach.

The companies will also have to submit information about the quality of their money transfer services during such incidents.

The new information will allow the Central Bank to see how the firms it regulates comply with existing laws, especially the law “On the National Payment System”. In addition, the regulator will be able to gauge the level of risk management at banks and payment transfer operators. Furthermore, the Central Bank hopes that the new requirements will enhance the credibility of information that firms submit about data breaches that occur during money transfers.

The statement by the Bank of Russia is issued shortly after Lyndon Nelson, Deputy CEO of the Bank of England’s Prudential Regulation Authority (PRA), indicated that the BoE will require banks to have measures in place to deliver services resilient to cyber incidents.

According to Lyndon Nelson, firms will be expected to set their own tolerances for key business services. These tolerances will have to be in the form of clear metrics indicating when a disruption would represent a threat to a firm, to consumers or to financial stability. The Bank expects firms to test their tolerances and demonstrate to their supervisors that they have concrete measures in place to deliver resilient services.

In addition, firms will need to clearly define and regularly test their approaches to incident management. These should also include good communication plans both internally and externally.

Furthermore, firms need to be able to recover from an operational incident. This requires viable, tested contingency plans for the resumption of critical functions.

Read this next

Industry News

The B2Broker B2Core REST API Is Now Live

B2Broker has announced the release of its new REST API, which lets customers use B2Broker’s solutions and services for business purposes.

Executive Moves

CME Group taps Paul Woolman to lead Equity Index, Giovanni Vicioso to lead Crypto

“Our equity and cryptocurrency businesses have experienced tremendous growth in recent years, underpinned by strong customer adoption and continued innovation.”

Technology

Sumsub launches document-free KYC for users in India, Brazil, Nigeria and Indonesia

Sumsub has launched one click-KYC for users in India, Brazil, Nigeria and Indonesia in a move that allows businesses to instantly onboard over 2 billion users without requesting their ID documents.

Digital Assets

Cboe becomes first major global exchange operator on DeFi data platform, Pyth Network

“Our participation in the Pyth network will provide another avenue to broaden customer access to our data, and aligns with our strategy to deliver market data to investors around the globe based on how they want to consume their data, whether through direct connectivity methods, the cloud or the blockchain.”

Industry News

FINRA fines Barclays Capital $2 million for best execution failures for 5 years

FINRA has fined Barclays Capital $2 million for failing to comply with its best execution obligations in connection with its customers’ electronic equity orders between January 2014 and February 2019. 

Digital Assets

SETL helps SWIFT, CSDs and custodians develop common framework for tokenisation systems

London-based enterprise DLT and blockchain company SETL has delivered a pilot project for SWIFT which implemented a common framework linking tokenisation systems between central security depositories (CSDs) and global custodians.

Digital Assets

Crypto volumes hit CHF 87.1 million at Switzerland exchange

Switzerland’s principal exchange has experienced a rebound in trading activities for September 2022, with monthly volumes increasing by more than 20 percent MoM.

Digital Assets

Bitcoin Suisse Vault taps Polkadot governance features

Bitcoin Suisse has added support for Polkadot protocol governance on its proprietary, hyper-secure cold storage solution, the Bitcoin Suisse Vault.

Retail FX

Finalto sweetens offering for African traders with localized FX pairs

Finalto, the financial trading division of Gopher Investments, announced today that it has extended its offering with inclusion of a number of African Pairs to its trading platforms.

<