InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FSB: Greater convergence needed in cyber-incident reporting
On April 13, the Financial Stability Board (FSB) released a series of recommendations for achieving “greater convergence” in cyber-incident reporting (CIR). Issued at the request of the G-20, the final report draws from FSB’s body of work on cybersecurity, as well as its engagement with external stakeholders. In order to promote greater convergence in CIR, the report focuses on three components: (i) recommendations for addressing the issues identified as impediments to achieving greater harmonization in cyber incident reporting; (ii) an updated and enhanced cyber lexicon to include new CIR terms and encourage the use of “common language”; and (iii) a common, flexible format for incident reporting exchange (FIRE) that would allow a range of adoption choices and include the most relevant data elements for financial authorities.
The report presents 16 recommendations for addressing issues associated with the collection of cyber incident information from financial institutions, including the importance of establishing clearly defined objectives for incident reporting (and practical measures for sharing such information), aligning CIR regimes on a cross-border/cross-sectoral basis to reduce fragmentation and improve interoperability, and adopting common data requirements and standardized reporting formats. The report observes that financial institutions operating across multiple jurisdictions and sectors often face operational challenges due to the current process of having to report cyber incidents to multiple authorities. FSB states it will continue to work on a concept for a common format for FIRE to enable authorities to collect information from financial institutions in a more consistent manner. “Financial authorities and institutions can choose to adopt these recommendations as appropriate and relevant, consistent with their legal and regulatory framework,” FSB states in the report.
FSB outlines steps to promote convergence in cyber incident reporting
On October 17, the Financial Stability Board (FSB) released a series of recommendations for promoting convergence in cyber incident reporting (CIR). Recognizing that a “one-size-fits-all approach” is neither feasible nor preferable, FSB noted that financial authorities and financial institutions may choose to adopt the report’s recommendations as appropriate and necessary, consistent with their legal and regulatory frameworks. Among other things, the recommendations call on financial authorities to (i) establish and maintain clearly defined incident reporting objectives and explore ways to align their CIR regimes with other relevant authorities; (ii) adopt common reporting formats and develop standardized formats for exchanging incident reporting information; (iii) review the effectiveness of their CIR processes and address impediments to cross-border information sharing; (iv) engage regularly with financial institutions to foster mutual understanding of the benefits of CIR and provide guidance on effective CIR communication; and (v) implement secure forms of incident information handling to protect sensitive information. Additionally, financial authorities and institutions should collaboratively implement measures for sharing information related to cyber events and vulnerabilities in order to “combat situational uncertainty” and “pool knowledge in collective defense of the financial sector.” Financial institutions should also continuously identify and address any gaps in their CIR capabilities.
FSB requests feedback on data frameworks affecting cross-border payments
Recently, the Financial Stability Board (FSB) issued a survey requesting stakeholder feedback on “how existing national and regional data frameworks interact with and affect the functioning, regulation and supervision of cross-border payment arrangements,” in addition to feedback on issues concerning the cross-border use of these data frameworks by national authorities and the private sector. Data frameworks within the survey’s scope include those concerning data access; data privacy, security, or storage; requirements for data retention; and multilateral or bilateral trade agreements covering the use and sharing of data across borders. Among other things, the survey seeks information on (i) ways data-specific national and regional data frameworks affect the costs and speed of delivering payments, as well as access and transparency; (ii) potential barriers to cross-border data use; (iii) areas of improvement for overcoming barriers in data frameworks; (iv) whether one jurisdiction’s data framework can impact the provision or supervision of cross-border payments services offered in other jurisdictions; and (v) whether there are particular payment corridors (especially related to emerging markets) that face specific challenges related to data frameworks. The survey also requests information on the implementation of international standards from the FSB and other standard-setting bodies, “if not included as part of formal, domestic data frameworks,” and “[o]ther international efforts, arrangements, or agreements that jurisdictions may implement in their domestic data frameworks or that may affect cross-border data flows.” The survey will close on January 14, 2022.
Financial Stability Board calls for uniformity in cyber-breach reporting
On October 19, the Financial Stability Board (FSB) released a report calling for a convergence in the reporting of cyber incidents given the digitalization of financial services and the growing use of third-party service providers. According to FSB’s report, Cyber Incident Reporting: Existing Approaches and Next Steps for Broader Convergence, financial institutions operating across borders or sectors are subjected to multiple reporting requirements for one cyber incident. Pointing out that “fragmentation exists across sectors and jurisdictions in the scope of what should be reported for a cyber incident; methodologies to measure severity and impact of an incident; timeframes for reporting cyber incidents; and how cyber incident information is used,” FSB cautioned that the lack of a common method for reporting cyber incidents “could undermine a financial institution's response and recovery actions.” FSB also warned that the dissemination of “heterogeneous information” concerning a cyber incident “underscores a need to address constraints in information-sharing among financial authorities and financial institutions.” Harmonizing regulatory reporting would promote financial stability by ensuring there is a common method for monitoring cyberattacks in the sector, supporting effective supervision of cyber-risks at financial institutions, and helping authorities share information between jurisdictions. FSB stated it plans to create a detailed plan by the end of the year to (i) develop best practices for authorities to consider when developing their cyber incident reporting regime; (ii) identify key types of information that should be shared across the financial sector; and (iii) create a common terminology for cyber-incident reporting.
FSB addresses climate-related financial risks
On July 7, the Financial Stability Board (FSB) released several reports addressing climate-related financial risks. The FSB Roadmap for Addressing Climate-Related Financial Risks noted that a growing number of international initiatives are underway that address financial risks resulting from climate change. “Effective risk management at the level of individual companies and financial market participants is a precondition for a resilient financial system,” the report stated, adding that the “interconnections between climate-related financial risks faced by different participants in the financial system reinforce the case for coordinated action.” Among other things, the FSB set out a roadmap that focuses on four interrelated areas: (i) firm-level disclosures that should be used as the basis for pricing and managing climate-related financial risks at the level of individual entities and market participants; (ii) consistent metrics and disclosure data that can “provide the raw material for the diagnosis of climate-related vulnerabilities”; (iii) an analysis of vulnerabilities to provide the groundwork for designing and applying regulatory and supervisory framework and tools; and (iv) the establishment of regulatory and supervisory practices and tools to allow authorities to effectively identify climate-related risks to financial stability. FSB also released the Report on Promoting Climate-Related Disclosures, following a survey of members which explored national and regional current or planned climate-related disclosures. FSB presented several high-level recommendations, including, among other things, that financial authorities use a framework based on recommendations from the Task Force on Climate-Related Financial Disclosures (TCFD) across both non-financial corporates and financial institutions to propose a more consistent global approach. FSB issued another report entitled, The Availability of Data with Which to Monitor and Assess Climate-Related Risks to Financial Stability, that suggested various priorities to address climate-related data gaps “to improve the monitoring and assessment of climate-related risks to financial stability.”
Additionally, Federal Reserve Board Vice Chair for Supervision, Randal K. Quarles, spoke before the Venice International Conference on Climate Change on July 11, in which he discussed the work of the TCFD and stressed the importance of improving data quality and addressing data gaps, as well as ultimately establishing "a basis of comprehensive, consistent, and comparable data for global monitoring and assessing climate-related financial risks."
FSB updates LIBOR transition roadmap
On June 2, the Financial Stability Board released an updated version of the Global Transition Roadmap for LIBOR, which is intended to advise those with exposure to LIBOR benchmarks of some of the steps they should take now and over the remaining period to LIBOR cessation dates to successfully mitigate risks. As previously covered by InfoBytes, the Financial Stability Board released the roadmap last October to outline the steps financial firms and their clients should take “in order to ensure a smooth LIBOR transition” from now through 2021. According to the recent announcement, “transition away from LIBOR requires significant commitment and sustained effort from both financial and non-financial institutions across many LIBOR and non-LIBOR jurisdictions.” In addition to identifying actions that should already be complete, the roadmap details the following steps:
- ISDA Fallback Protocol Effective Date. Firms should adhere to the International Swaps and Derivatives Association’s (ISDA) IBOR Fallback Protocol and IBOR Fallback Supplement, which were launched last October and took effect in January 2021 (covered by InfoBytes here).
- By mid-2021. Firms should have identified which contracts can be amended and contact other parties to prepare for the use of alternative rates. Firms should also execute formalized plans to covert legacy LIBOR contracts to alternative rates.
- By the end of 2021. All new business should be conducted in, or capable of switching immediately to, alternative rates.
- By June 2023. Firms should “be prepared for all remaining USD LIBOR settings to cease.”
FSB to address Covid-19 impact on global financial stability
On November 15, the Financial Stability Board (FSB) published a letter from their Chair, Randal K. Quarles, ahead of the G20’s November summit. In the letter, Quarles explains that, while financial conditions are easing, global economic outlook remains uncertain. He also notes that the challenges posed by Covid-19 have not yet dissipated and that continued efforts are required to support financial resilience and to ensure a sustained flow of financing to the real economy. Finally, he states that, despite the pandemic, the FSB with support from G20 leaders must continue to press forward with priority reforms, such as developing more efficient cross-border payment services, addressing risks from stablecoins, assessing climate-related financial stability risks, strengthening cyber resilience, and facilitating a smooth transition away from LIBOR in order to strengthen the global financial system.
FSB releases LIBOR transition roadmap
On October 16, the Financial Stability Board released a “Global Transition Roadmap for LIBOR,” which details the steps financial firms and their clients should take “in order to ensure a smooth LIBOR transition” from now through 2021. In addition to identifying actions that should already be complete, the roadmap details the following steps:
- ISDA Fallbacks Protocol Effective Date. Firms should adhere to the International Swaps and Derivatives Association’s (ISDA) IBOR Fallback Protocol and IBOR Fallback Supplement, which will be launched on October 23 and take effect on January 25, 2021 (covered by InfoBytes here).
- By the end of 2020. Lenders should be able to offer non-LIBOR products to customers.
- By mid-2021. Firms should have identified which contracts can be amended and make contact with other parties to prepare for the use of alternative rates. Firms should execute formalized plans to covert legacy LIBOR contracts to alternative rates.
- By the end of 2021. All new business should be conducted in, or capable of switching immediately to, alternative rates.
For continuing InfoBytes coverage on the LIBOR transition see here.
Financial Stability Board outlines global stablecoin recommendations
On October 13, the Financial Stability Board (FSB) published a report providing high-level recommendations for the regulation, supervision, and oversight of “global stablecoin” (GSC) arrangements. FSB defines “stablecoins” as a “specific category of crypto-assets which have the potential to enhance the efficiency of the provision of financial services, but may also generate risks to financial stability, particularly if they are adopted at a significant scale.” GSCs are those with multi-jurisdictional reach that “could become systemically important in and across one or many jurisdictions, including as a means of making payments.” The report, Regulation, Supervision, and Oversight of “Global Stablecoin” Arrangements, follows an analysis of financial stability risks raised by GSCs as well as a survey of FSB and non-FSB members’ approaches to stablecoins. Prior to issuing the report, FSB also conducted several outreach meetings with representatives from regulated financial institutions, fintech firms, academia, and the legal field. The October report, which takes into account public feedback received earlier in the year, outlines 10 high-level recommendations that “call for regulation, supervision and oversight that is proportionate to the risks, and stress the value of flexible, efficient, inclusive, and multi-sectoral cross-border cooperation, coordination, and information sharing arrangements among authorities that take into account the evolving nature of GSC arrangements and the risks they may pose over time.” However, the report stresses that because these recommendations primarily address financial stability risks, issues such as anti-money laundering/combating the financing of terrorism, data privacy, cyber security consumer and investor protection, and competition are not covered. These issues, which may present consequences for financial stability if not properly addressed, should be incorporated as part of a comprehensive supervisory, regulatory, and oversight framework, the report states.
Among other things, the report also provides regulatory authorities a guide “of relevant international standards and potential tools to address vulnerabilities arising from GSC activities,” and outlines a timeline of actions that will build a roadmap to ensure “any relevant international standard-setting work is completed.”
Financial Stability Board report: Crypto-assets not yet posing material risk to financial stability
On October 10, the Financial Stability Board (FSB) published a report, which asserts that although “crypto-assets do not pose a material risk to global financial stability at this time,” there may be implications for financial stability in the future as market developments evolve. The newest report, “Crypto-asset markets: Potential channels for future financial stability implications,” follows a July report discussing the FSB’s framework for monitoring and assessing vulnerabilities in the financial system resulting from developments in the crypto-asset markets. (See previous InfoBytes coverage here.) According to the October report, the FSB conducted an assessment which considered the primary risks present in crypto-assets and their markets, such as “low liquidity, the use of leverage, market risks from volatility, and operational risks,” and determined that, “[b]ased on these features, crypto-assets lack the key attributes of sovereign currencies and do not serve as a common means of payment, a stable store of value, or a mainstream unit of account.” However, the October report discussed challenges to assessing and monitoring potential risks and commented on the following implications that may arise from the evolving use of crypto-assets: (i) reputational risks to financial institutions and their regulators; (ii) risks from direct or indirect exposures of financial institutions; (iii) risks resulting from the use of crypto-assets in payments and settlements; and (iv) risks from market capitalization and wealth effects.