The European Supervisory Authorities (ESAs) have published their joint advice on improving information and communication technology (ICT) risk management and cybersecurity.
Last year, the European Commission asked the ESAs to map the existing supervisory practices across financial sectors around IT security and governance requirements.
The aim was for the ESAs to issue guidelines promoting supervisory convergence and enforcement of IT risk management and mitigation requirements in the EU financial sector and, if necessary, to give technical advice on the need for legislative improvements.
In addition, the ESAs were tasked with evaluating the costs and benefits of developing a coherent cyber resilience testing framework for the EU financial market.
The ESAs have now published advice on both subjects.
Regarding the need for legislative improvements, the ESAs advised that every relevant entity should be subject to clear general requirements on the governance of IT, including cybersecurity, to ensure the safe provision of regulated services.
Their advice promotes stronger operational resilience and harmonisation in the EU and aims to streamline incident reporting, which helps teams log, monitor, analyse and respond to IT security and fraud incidents.
Further, the ESAs stated that a legislative solution for an oversight framework to monitor the activities of third-party service providers should be explored.
On the costs and benefits of a cyber resilience testing framework, the ESAs saw strong benefits in such a framework but noted that cybersecurity maturity levels currently differ across the EU. The ESAs recommended that the EU focus first on reaching a minimum level of cyber resilience in all sectors and then build on it over the years.
The ESAs comprise the European Banking Authority, the European Securities and Markets Authority, and the European Insurance and Occupational Pensions Authority.
Copyright © 2019 FinTech Global