The two institutions aim to implement a new guidance on cyber resilience for firms, including banks.
The BIS’ Committee on Payments and Market Infrastructures (CPMI)5 and IOSCO6 highlighted in their latest report7 the need to adopt guidance on cyber resilience for financial market infrastructures (FMIs). The report found out issues and concerns that need to be addressed, including: (i) shortcomings in meeting the two-hour recovery time objective on cyber response and recovery plans; (ii) lack of cyber resilience testing after major system changes; (iii) lack of comprehensive scenario-based testing; and (iv) inadequate involvement of relevant stakeholders in testing. The CPMI and IOSCO urged the relevant FMIs and their supervisors to address these issues as they pose clear challenges for cyber resilience.
