On 4 December 2018, the Basel Committee on Banking Supervision (Basel Committee) published a report which identifies, describes and compares the range of observed bank, regulatory and supervisory cyber-resilience practices across jurisdictions. For the purpose of the report, the Basel Committee uses the Financial Stability Board’s Cyber Lexicon definition of cyber-resilience, which defines it as … Continue Reading
On 3 December 2018, the European Central Bank (ECB) published its cyber resilience oversight expectations for financial market infrastructures (FMIs) (the Expectations). In June 2016, the Committee on Payments and Market Infrastructures (CPMI) and the International Organization of Securities Commissions (IOSCO) published Guidance on cyber resilience for financial market infrastructures (Guidance). The Expectations provides FMIs … Continue Reading
The ECB has published a speech by Benoît Coeuré, the Chair of the Committee on Payments and Market Infrastructures (CPMI). The speech is entitled The new frontier of payments and market infrastructure: on cryptos, cyber and CCPs. The slides that accompanied the speech have also been published. Key messages in the speech include: the G20 … Continue Reading
On 13 November 2018, European Commission Vice-President Valdis Dombrovskis issued a statement at the European Parliament Plenary on regulating virtual currencies and Initial Coin Offerings (ICOs). In the statement, Mr Dombrovskis posts two questions for financial regulators to consider: Whether crypto-assets are financial instruments, and are therefore covered by financial regulation? Whether that regulation is … Continue Reading
On 12 November 2018, the Financial Stability Board (FSB) published the first edition of a Cyber Lexicon, which comprises a set of approximately 50 core terms related to cyber security and cyber resilience in the financial sector. The lexicon is not intended for use in the legal interpretation of any international arrangement or agreement or … Continue Reading
On 19 October 2018, the European Securities and Markets Authority (ESMA) published its Securities and Markets Stakeholder Group (the Stakeholders) own initiative report on initial coin offerings (ICOs) and crypto-assets. The report has been produced by the Stakeholders to advise ESMA on steps it can take to manage the risks of ICOs and crypto-assets on … Continue Reading
On 8 January 2018, the combined market capitalisation of crypto-assets peaked at an estimated $830 billion, of which approximately 35% was attributable to bitcoin. This dropped to just over $210 billion as of 4 October 2018. The rapid price increase in 2017 elicited interest from retail investors and attracted the attention of regulated financial institutions … Continue Reading
On 5 September 2018, the Joint Committee of the European Supervisory Authorities (comprised of ESMA, EBA and EOPA) published a report on the results of their monitoring exercise on ‘automation in financial advice’ (the Report). The Report follows the Joint Committee’s 2015 discussion paper on automation in financial advice, and their 2016 report on the … Continue Reading
In its role as a banking supervisor, the European Central Bank (ECB) asks the largest euro area banks to report significant cyber incidents as soon as they detect them. This helps the ECB identify and monitor trends in cyberattacks, which puts it in a position to be able to react more swiftly to a potential … Continue Reading
On 16 July 2018, the Financial Stability Board (FSB) has published a report describing international work on crypto-assets. The report follows a letter that FSB Chair Mark Carney sent to G20 Finance Ministers and Central Bank Governors in March noting that crypto-assets raise a host of issues around consumer and investor protection, as well as … Continue Reading
On 9 July 2018, the European Parliament’s Committee on Economic and Monetary affairs published a study, Competition issues in the Area of Financial Technology (FinTech). The study focuses on analysing potential anti-competitive factors and their impact both in the FinTech ecosystem and in concrete services. In lieu of any consensus, the study proposes FinTech services … Continue Reading
On 3 July 2018, the European Banking Authority (EBA) published the first products of its FinTech Roadmap: a thematic report on the impact of FinTech on incumbent credit institutions’ business models. The report has two aims: (i) to provide an overview of the current FinTech landscape and the observed changes in the incumbent institutions’’ behaviour … Continue Reading
On 2 July 2018, the Financial Stability Board (FSB) published a consultative document regarding a cyber lexicon which comprises a set of 50 core terms related to cyber security and cyber resilience in the financial sector. Whilst the lexicon is not intended for use in the legal interpretation of any international arrangement or agreement or … Continue Reading
Recently there have been a number of blog postings on initial coin offerings (ICOs) and cryptocurrency, and here is a round-up of them in case you missed them: Global IOSCO Board communication on concerns about ICOs (19 January 2018) Australia Listed funds holding crypto-assets: ASX’s position (25 February 2018) ASIC updates INFO 225: Corporate regulator … Continue Reading
On 2 May 2018, the European Central Bank (ECB) published the European Framework for Threat Intelligence-based Ethical Red Teaming (TIBER-EU), which is the first Europe-wide framework for controlled and bespoke tests against cyber-attacks in the financial markets. TIBER-EU based tests simulate a cyber-attack on an entity’s critical functions and underlying systems, such as its people, … Continue Reading
On 10 April 2018, the European Central Bank (ECB) published a consultation on draft guidance concerning cyber resilience expectations for financial market infrastructures (FMIs). The ECB sees cyber resilience as an important aspect of FMIs’ operational resilience and is also a factor affecting the overall resilience of the financial system and the broader economy. The … Continue Reading
On 3 April 2018, the Global Financial Markets Association (GFMA) published A Framework for the Regulatory Use of Penetration Testing in the Financial Services Industry. The framework provides a guide for the development of a cyber security penetration testing framework comprising of a four phased testing lifecycle: Threat intelligence phase – a firm’s internal intelligence … Continue Reading
The European Commission has issued an Action Plan for FinTech. The Action Plan is part of the Commission’s efforts to build a Capital Markets Union and has three main objectives: to support innovative business models to scale up across the Single Market; to encourage the uptake of new technologies in the financial sector; and to … Continue Reading
The European Securities and Markets Authority (ESMA) has published the keynote address given by its chairman Steven Maijoor at Afore Consulting’s Second Annual FinTech and Digital Innovation Conference on 27 February 2018. In the course of his speech he addressed three key areas of FinTech, beginning with the structural features of FinTech, monitoring FinTech by … Continue Reading
The Basel Committee on Banking Supervision (Basel Committee) has published a sound practices report, Implications of fintech developments for banks and bank supervisors. The report assesses how technology driven innovation in financial services may affect the banking industry and the activities of supervisors in the near to medium term. The Basel Committee recognises that it … Continue Reading
The European Supervisory Authorities (ESMA, EBA and EIOPA) (the ESAs) have issued a warning to consumers on the high risks of buying and/or holding so-called virtual currencies (VCs). The warning is based on Article 9(3) of the ESAs’ founding Regulations and follows the publication of statements by ESMA on initial coin offerings. The warning sets … Continue Reading
The European Banking Authority (EBA) has published final guidance for the use of cloud service providers by EU financial institutions. The guidance becomes applicable as of 1 July 2018 and is addressed to credit institutions, investment firms and Member State competent authorities. The guidance clarifies EU supervisory expectations if institutions intend to adopt cloud computing, … Continue Reading
The Global Financial Markets Association (GFMA) has published a set of principles to guide the development of a commonly accepted framework for cybersecurity penetration testing. The GFMA notes that a number of jurisdictions around the world already leverage penetration testing in their regulatory regime. The goal of the GFMA proposal is not to compete with … Continue Reading
The European Central Bank (ECB) has published a speech by Marc Bayle de Jessé, Director General Market Infrastructure and Payments, ECB. The speech is entitled ECB views on the regulation of cyber security. In his speech Mr Jessé reminds his audience that the ECB’s Governing Council approved the Eurosystem’s cyber resilience strategy for financial market … Continue Reading
