European supervisors have warned financial services firms and their national regulators that rising cyber risk demands a “swift” EU-wide common framework for digital operational resilience.
In a joint risk assessment for the sector, the European Banking Authority (EBA), the European Insurance and Occupational Pensions Authority (EIOPA) and the European Securities and Markets Authority (ESMA) said financial services companies are “increasingly exposed” to cyber risk, with the industry hit by cyberattacks more often than others.
At the same time, the report says the pandemic has
“acted as a catalyst for digital transformation” and forced financial
institutions to rapidly adapt technical infrastructure, which has further
increased cyber risk.
The supervisors back a new European framework to set a
high common level of resilience to cyber risks, in particular to tackle ICT
outsourcing risk. The European Commission has already published legislative
proposals on digital operational resilience (DORA), which are expected to
upgrade ICT risk management requirements across various financial services
legislation and harmonise incident reporting across the EU financial sector.
DORA is set to introduce an EU oversight framework for
critical ICT third-party service providers to monitor the risks of European
financial services firms’ dependency on such companies, including concentration
and contagion issues.
“A successful attack on a major financial institution,
or on a core system or service used by many, could spread to the entire
financial system due to interconnectedness, with potential consequences in
terms of business continuity, reputation and, under extreme scenarios,
liquidity and financial stability,” the report warns.
It also identifies other key areas of risk facing the
European financial sector. These include the impact of phasing out pandemic
crisis measures, as well as the threat of event-driven risks, such as Greensill
and Archegos, and cryptoassets.
EBA, EIOPA and ESMA said the financial services sector and its regulators should conduct a full assessment of the pandemic’s impact on banks’ lending books, as the economic environment moves to a recovery phase.
“Policymakers, regulators, financial institutions and
supervisors can start reflecting on lessons learnt from the Covid-19 crisis,”
the report says.
© Commercial Risk Europe