The Bank of England (BoE) has published a consultation paper on a new rule for central counterparties (CCPs) relating to incident reporting.
The BoE is proposing to make a new rule relating to incident reporting, which will formalise the requirement for CCPs to notify the BoE of certain incidents having an impact on their information technology systems.
The BoE currently has a supervisory expectation that CCPs promptly notify the BoE of any operational incidents as soon as reasonably practicable, including any incidents that affect the security of their information technology systems. While this is not a formal rule at present, in practice, it means CCPs contact the BoE in the event of an incident and keep the BoE updated at regular intervals until the incident is resolved.
The BoE is proposing a new rule for CCPs that will formalise some aspects of the existing supervisory expectation in relation to the reporting of operational incidents. The notification requirement would cover any incident, including a physical event, affecting the security of a CCP’s information technology systems that had a significant impact on continuity of services provided.
The proposed rule requires a CCP to report an incident as soon as reasonably practicable after it becomes aware of the incident. A CCP is also required (either concurrently or as soon as reasonably practicable after providing notification of an incident) to provide information which would allow the BoE to determine any impact of the incident, such as financial, operational or legal.
The deadline for comments on the consultation paper is 3 April 2018. The BoE intends to bring the rule into effect by 9 May 2018.
View BoE consults on incident reporting by CCPs, 9 February 2018