ENCU responded to the European Commission’s public consultation, which requested feedback on its initiative to improve resilience against the increasing number of cyberattacks. The European Supervisory Authorities (ESA) “advised the Commission to propose targeted improvements to the EU financial regulatory framework to develop a single regulatory and supervisory rulebook” for information and communication technology (ICT) operational resilience in the financial sector. The Commission’s objective is to harmonize applicable rules to make the financial sector more secure and resilient through the reduction of compliance and administrative burdens.
In addition to completing the questionnaire, which included questions on several topics including ICT systems and operational resilience, ENCU urged the Commission to consider risk-based and proportional requirements that are tailored to credit unions. Credit unions do not pose the same cybersecurity risks that banks do, and therefore require less stringent requirements in order to support the Commission’s goal to combat cyberattacks. ENCU also requested consideration for non-mandatory guidelines instead of hard rules to address digital operational resilience and cybersecurity issues. Flexibility to apply necessary strategies instead of overly burdensome requirements will help alleviate costs and the depletion of much-needed resources that credit unions rely upon. Finally, ENCU asked that the Commission appoint only one prudential regulator for consistency in enforcement and regulation. A copy of the comment letter can be found here.