Professional Documents
Culture Documents
2019-06-25 Item 3 - Overview of The Cyber Regulatory Frameworks Internationally
2019-06-25 Item 3 - Overview of The Cyber Regulatory Frameworks Internationally
cyber regulatory
frameworks
internationally
JUNE 25, 2019
Frank Adelmann
Financial Sector Expert (Cyber Security)
Monetary and Capital Markets Department - Financial Supervision
and Regulation (MCMFR)
International Monetary Fund
• The enumeration of organizations and documents in the presentation does not intend
to be exhaustive
• Indeed, things evolve so quickly that some references may be outdated since the
slides were prepared!!
► …
“The malicious use of Information and Communication Technologies (ICT) could disrupt financial
services crucial to both national and international financial systems, undermine security and
confidence and endanger financial stability. We will promote the resilience of financial services and
institutions in G20 jurisdictions against the malicious use of ICT, including from countries outside the
G20. With the aim of enhancing our cross-border cooperation, we ask the FSB, as a first step, to
perform a stock-taking of existing relevant released regulations and supervisory practices in our
jurisdictions, as well as existing international guidance to identify effective practices. The FSB should
inform about the progress of this work by the Leaders Summit in July 2017 and deliver a stock-take
report by October 2017.”
• Some references:
• Definitions of cybersecurity
• What is different from the traditional approaches to Information Security
• The three dimensions: People / Processes / Technology
• Board involvement
• Some references:
• From outsourcing to third parties risk management regulation often still has to evolve
• Different concept of the relevance of a third party: size of contract is not any longer
the key aspect, even small ones can be a threat vector
• Cloud computing and cybersecurity
• Difficulty to control the complete supply chain
• From the supervisory side:
Ability to supervise service providers
• Almost all general principles frameworks and best practices address third parties risk
G7: “Fundamental Elements for Third Party Cyber risk management in the financial
sector”, (2018)
EBA :
Recommendation on outsourcing to cloud (2017)
Consultation Paper on Guidelines on Outsourcing (2018)
Consultation Paper on ICT and security risk management guidelines (2018)
• From assessing likelihood of cyber incidents (malicious or not) to assuming they will
happen
• Impact will not only depend on the duration and severity of the incidents but also on
the readiness of the different stakeholders to respond and recover
• How to measure the systemic impact of cyber risk? Lack of reliable and sufficient
data and indicators
•Some references:
• Some references:
•Some references:
► supports the work and activities of regional groups of banking supervisors worldwide
► BCBS members include organizations with direct banking supervisory authority and
central banks
► establishes groups, working groups, virtual networks, and task forces
► Financial Stability Institute (FSI) is a joint initiative of the BCBS and the Bank of
International Settlements (BIS) to assist supervisors around the world in implementing
sound prudential standards
► BCBS is a member of the Financial Stability Board (FSB)
Mandate: to serve central banks in their pursuit of monetary and financial stability, to
foster international cooperation in those areas and to act as a bank for central banks
► conceived in July 1944 at the United Nations Bretton Woods Conference in New
Hampshire, United States- 44 countries in attendance sought to build a framework
for international economic cooperation and avoid repeating the competitive
currency devaluations that contributed to the Great Depression of the 1930s
Mandate: to promote policies that will improve the economic and social well-being of
people around the world
Mission: end extreme poverty by reducing the share of the global population that
lives in extreme poverty to 3 percent by 2030
promote shared prosperity by increasing the incomes of the poorest 40 percent of
people in every country
FAdelmann@imf.org
https://www.linkedin.com/in/frank-adelmann-18a2ab65/
Tel: +1 202 623 6263
Mobile: +1 202 361 4434