Basel Committee: Financial Sector Lagging on Cyber Response and Recovery Plans
The Basel Committee on Banking Supervision has turned its focus to operational resilience, publishing a report on cyber resilience practices across jurisdictions.
The report is based on an analysis of authorities’ responses to previous international surveys, exchanges between international experts and input from industry participants.
It summarises 10 key findings, illustrated by case studies of concrete developments in the jurisdictions covered.
The ten factors involved in maintaining cyber resilience include testing, metrics and third-party risk, which the committee aims to integrate into its broader operational resilience framework in the future.
With regard to testing, the committee found that financial institutions have evolving and prevalent protection and detection testing practices, but that such testing is less prevalent for response and recovery plans.
On metrics, the report states that “although some forward-looking indicators of cyber resilience are being picked up through the most widespread supervisory practices, no standard set of metrics has emerged yet”.
In terms of third-party risk, the committee found that, while there are established regulatory frameworks for outsourcing activities across jurisdictions, financial firms by and large lack clearly defined frameworks for working with third parties beyond outsourcing. This point is particularly relevant with regard to the rise of open banking and increasing collaboration between incumbent financial firms and fintech challengers.
The full report is available to download here.