Search Results

You are looking at 1 - 10 of 36 items for :

  • "cybersecurity risk supervision" x
Clear All
Tamas Gaidosch, Frank Adelmann, Anastasiia Morozova, and Christopher Wilson
This paper highlights the emerging supervisory practices that contribute to effective cybersecurity risk supervision, with an emphasis on how these practices can be adopted by those agencies that are at an early stage of developing a supervisory approach to strengthen cyber resilience. Financial sector supervisory authorities the world over are working to establish and implement a framework for cyber risk supervision. Cyber risk often stems from malicious intent, and a successful cyber attack—unlike most other sources of risk—can shut down a supervised firm immediately and lead to systemwide disruptions and failures. The probability of attack has increased as financial systems have become more reliant on information and communication technologies and as threats have continued to evolve.
Tamas Gaidosch, Frank Adelmann, Anastasiia Morozova, and Christopher Wilson

( Institute of International Finance 2017 ). Acknowledging that operational disruptions can impact financial stability, the Bank of England and the UK Financial Conduct Authority published a discussion paper to generate debate about the expectations regulators and the wider public might have of the operational resilience of financial services institutions ( Bank of England 2018 ). Chapter 2 Achieving Cyber Resilience The goal of cybersecurity risk supervision should be to influence, incentivize, and shape firms’ cybersecurity capabilities. Supervision activities

International Monetary Fund. Monetary and Capital Markets Department
The Norwegian financial system has a long history of incorporating new technology. Norway is at the forefront of digitization and has tight interdependencies within its financial system, making it particularly vulnerable to evolving cyber threats. Norway is increasingly a cashless society, with surveys and data collection suggesting that only 10 percent of point-of-sale and person-to-person transactions in 2019 were made using cash.1 Most payments made in Norway are digital (e.g., 475 card transactions per capita per annum)2 and there is an increase in new market entrants providing a broad range of services. Thus, good cybersecurity is a prerequisite for financial stability in Norway.
International Monetary Fund. Monetary and Capital Markets Department
Cybersecurity risk continues to grow both in complexity and severity and is a function of an increasingly open and interconnected cyber and financial ecosystem. The South African financial system has a long history of incorporating technology and as for many financial systems across the globe, digitalization has become a strategic priority. For risk management to keep pace with the dynamic nature of cyber threats and threat agents, systemically important financial institutions (SIFIs) have made substantial investments in cyber resilience programs (e.g., establishing cyber strategies, frameworks, and governance structures). Consistent with many jurisdictions, and partly a result of widespread remote working arrangements implemented in response to the global pandemic, cybersecurity threats to financial stability increased. However, high standards of risk management meant threats did not materialize into significant losses and/or disruptions.
International Monetary Fund. Monetary and Capital Markets Department

Authority Responsible for Implementation Time 1 Cybersecurity Risk Supervision Move toward implementing a consistent, cross-sectoral regulatory framework for cybersecurity (based on prudential standards) MT Strengthen cybersecurity supervision and oversight with greater supervisory intensity and frequency for SIFIs and new supervisory tools. ST Strengthen bank and FMI third-party risk management through ongoing supervision and oversight. ST Strengthen the PA’s resources for cybersecurity supervision with dedicated specialists

International Monetary Fund. Monetary and Capital Markets Department

Front Matter Page IMF Country Report No. 20/262 NORWAY FINANCIAL SECTOR ASSESSMENT PROGRAM TECHNICAL NOTE—CYBERSECURITY RISK SUPERVISION AND OVERSIGHT August 2020 This Technical Note on Cybersecurity Risk Supervision and Oversight for the Norway FSAP was prepared by a staff team of the International Monetary Fund as background documentation for the periodic consultation with the member country. It is based on the information available at the time it was completed on July 7, 2020. Disclaimer : This document was prepared before

International Monetary Fund. Monetary and Capital Markets Department
Much of the work of the Financial Sector Assessment Program (FSAP) was conducted prior to the COVID-19 pandemic, with the missions ending on February 13, 2020. Given the FSAP’s focus on medium-term challenges and vulnerabilities, however, its findings and recommendations for strengthening policy and institutional frameworks remain pertinent. The report was updated to reflect key developments and policy changes since the mission work was completed. It also includes a risk analysis that quantifies the possible impact of the COVID-19 crisis on bank solvency. Since the previous FSAP in 2015, the Norwegian authorities have taken welcome steps to strengthen the financial system. Regulatory capital requirements for banks were raised and actions were taken to bolster the weak capital position of insurers. Alongside other macroprudential measures, temporary borrower-based measures for residential mortgages were introduced, which seem to have had some moderating impact on segments of the housing market. The resolution framework was also strengthened, with the implementation of the Bank Recovery and Resolution Directive (BRRD) and the designation of Finanstilsynet (FSA) as the resolution authority.
International Monetary Fund. Monetary and Capital Markets Department

sector as part of the implementation of the new Norwegian Security Law, informed by the financial sector map, will support financial stability considerations, as well as risk-based supervision and oversight. Cybersecurity risk regulation and supervisory practice are generally sound . The FSA has adequate expertise and regulatory tools to fulfill its responsibilities as cybersecurity risk supervisor. However, the authorities are encouraged to issue additional enforceable guidance to the supervised institutions on ICT/cybersecurity risk. Key topics that have not been

International Monetary Fund. Monetary and Capital Markets Department

-19 shock make these recommendations even more pertinent. In the area of insurance supervision, the FSA needs to step up its risk monitoring and conduct its own stress tests of the insurance sector. The authorities should also address remaining weaknesses in the effectiveness of AML/CFT oversight. Norway’s cybersecurity risk mitigation framework is advanced, but potential threats are evolving rapidly . Building on an already strong basis, there is scope to further strengthen the authorities’ cybersecurity risk supervision and oversight. In particular, the

International Monetary Fund. Monetary and Capital Markets Department

, and the Ministry of Finance is of course paramount in a crisis, but a new body may not be the best contribution to effective crisis management. There may be a risk that the establishment of such a body could blur the division of responsibilities between the authorities and delay the crisis response. Having said that, the authorities will continue to seek improvements in the legislation, the institutional set-up, and the framework in general. Other Issues We welcome the analysis and recommendation in the novel report on cybersecurity risk supervision and