Shearman & Sterling LLP | FinReg | European Systemic Risk Board Publishes Recommendation on Pan-European Systemic Cyber Incident Coordination Framework
Financial Regulatory Developments Focus
  • European Systemic Risk Board Publishes Recommendation on Pan-European Systemic Cyber Incident Coordination Framework

    01/27/2022
    The European Systemic Risk Board (ESRB) has published a Recommendation on a pan-European systemic cyber incident coordination framework (EU-SCICF) for EU national regulators. The ESRB observes that major cyber incidents may pose a systemic risk to the financial system, as they are capable of disrupting critical financial services and operations. This could in turn lead to contagion or an erosion of confidence in the financial system. The COVID-19 pandemic has also brought the threat of cyber incidents to the fore, as the number of cyber incidents reported to the European Central Bank (ECB) increased by 54% between 2019 and 2020. The Recommendation aims to build on the proposed roles of the European Supervisory Authorities (ESAs) under the EU's proposed Regulation on digital operational resilience for the financial sector (DORA). DORA is intended to strengthen digital operational resilience considering the risks arising from the increase in digital opportunities within the financial sector.

    The ESRB's recommendations include:
    • Recommendation A: establishment of a pan-European systemic cyber incident coordination framework; the ESAs are recommended to undertake a mapping and analysis of current impediments to the effective development of such a framework;
    • Recommendation B: establishment of points of contact between the ESAs, the ECB and national regulators of each EU Member State to facilitate the development and eventual coordination of the EU-SCICF; and
    • Recommendation C: based on the mapping and analysis conducted under Recommendation A, the Commission should consider appropriate measures at EU level to ensure the effective coordination of responses to systemic cyber incidents.

    The Recommendation also establishes deadlines for specific actions to be taken by the ESAs, the ECB and national regulators to achieve these goals. All deadlines fall after DORA comes into force.

    The ESRB has also published a report, Mitigating systemic cyber risk, which sets out a proposed strategy for mitigating cyber risk and details of the proposed EU-SCICF.

    In response, the ESAs have published a public statement welcoming the ESRB's Recommendation.
