FSB Issues Report on Financial Sector Cybersecurity Regulations

The Financial Stability Board (FSB) issued its conclusions from a stocktake on cybersecurity regulations, guidance and supervisory practices which was delivered to the October 2017 Finance Minsters and Central Bank Governors in Washington, DC.

Notable findings of the FSB stocktake include the following:

  • All FSB member jurisdictions report drawing upon a small body of previously developed national or international guidance or standards when developing their own regulatory or supervisory schemes for the financial sector;

  • Some elements commonly covered by regulatory schemes targeted to cybersecurity include risk assessment, regulatory reporting, role of the board, third-party interconnections, system access controls, incident recovery, testing and training.

  • Jurisdictions remain active in further developing their regulation and guidance. Seventy-two per cent of jurisdictions report plans to issue new regulations, guidance or supervisory practices that address cybersecurity for the financial sector within the next year.

  • International bodies also have been active in addressing cybersecurity for the financial sector.

Private sector participants in the stocktake expressed support for principles-based, risk-based and proportional regulation, and also stressed the importance of a globally consistent approach that avoids multiple, potentially conflicting regulatory schemes.

The  summary report together with the detailed analysis can be viewed here.

Financial Stability Board