Cyber Risk in Central Banking (BIS)
The rising number of cyber attacks in the financial sector poses a threat to financial stability and makes cyber risk a key concern for policy makers. This paper presents the results of a survey among members of the Global Cyber Resilience Group on cyber risk and its challenges for central banks. The survey reveals that central banks have notably increased their cyber security-related investments since 2020, giving technical security control and resiliency priority. Central banks see phishing and social engineering as the most common methods of attack, and the potential losses from a systemically relevant cyber attack are deemed to be large, especially if the target is a big tech providing critical cloud infrastructures. Generally, respondents judge the preparedness of the financial sector for cyber attacks to be inadequate. While central banks in most emerging market economies provide a framework for the collection of information on cyber attacks on financial institutions, less than half of those in advanced economies do. Cooperation among public authorities, especially in the international context, could improve central banks’ ability to respond to cyber attacks.
The NIST Cybersecurity Framework (CSF) 2.0
The NIST Cybersecurity Framework (CSF) 2.0 provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks. It offers a taxonomy of high-level cybersecurity outcomes that can be used by any organization — regardless of its size, sector, or maturity — to better understand, assess, prioritize, and communicate its cybersecurity efforts. The CSF does not prescribe how outcomes should be achieved. Rather, it links to online resources that provide additional guidance on practices and controls that could be used to achieve those outcomes. This document describes CSF 2.0, its components, and some of the many ways that it can be used.
Guideline on Integrating Strategy, Risk and Resilience – IRMSA 2022
IRMSA's groundbreaking guideline tackles the challenge of risk management's value proposition head-on. By advocating for the seamless integration of strategy, risk, and resilience, it empowers organisations to navigate complexity, make holistic decisions, and create sustainable value. This innovative approach promises to revolutionise how businesses operate in today's VUCA environment.
Guidelines for Sound Management of Risks related to Money Laundering and Financing of Terrorism (BCBS)
Being aware of the risks incurred by banks of being used, intentionally or unintentionally, for criminal activities, the Basel Committee on Banking Supervision is issuing these guidelines to describe how banks should include money laundering (ML) and financing of terrorism (FT) risks within their overall risk management.
Guidelines for Identification and Management of Step-in Risk (BCBS)
By publishing these guidelines, the Basel Committee on Banking Supervision aims to mitigate potential spillover effects from the shadow banking system to banks. This work is part of the G20 initiative to strengthen the oversight and regulation of the shadow banking system to mitigate systemic risks, in particular risks arising due to banks’ interactions with shadow banking entities.
Guidelines for Counterparty Credit Risk Management (BCBS)
These guidelines set out critical aspects of effective management of banks’ counterparty credit risk (CCR) and sound practices regarding what constitutes a robust CCR management framework. CCR is the risk that the counterparty to a transaction could default before the final settlement of a transaction’s cash flows. CCR is a multidimensional form of risk, affected by both the exposure to a counterparty as well as the credit quality of the counterparty, both of which can be sensitive to highly dynamic and fast-moving changes in financial markets.
The 2023 Banking Turmoil and Liquidity Risk: a Progress Report (BCBS)
The banking turmoil of March–May 2023 was the most significant system-wide banking stress since the Great Financial Crisis in terms of scale and scope. Over the span of 11 days – from 8 to 19 March 2023 – four banks with total assets of about $900 billion were shut down, put into receivership or rescued. Subsequently, a bank with roughly $230 billion of assets was closed on 1 May 2023. The bank failures, while having largely distinct causes, triggered a broader crisis of confidence in the resilience of banks and banking systems across multiple jurisdictions.
Revisions to the Principles for the Sound Management of Operational Risk (BCBS)
In March 2021, the Basel Committee on Banking Supervision (BCBS) published its Revisions to the Principles for the Sound Management of Operational Risk (PSMOR). The principles were introduced in 2003 and subsequently revised in 2011 to incorporate the lessons from the Great Financial Crisis. The 2021 revisions resulted from a 2014 review that indicated that several principles had not been adequately implemented and did not sufficiently capture certain important sources of operational risk.
Principles for Effective Risk Data Aggregation and Risk Reporting (BCBS)
One of the most significant lessons learned from the global financial crisis that began in 2007 was that banks’ information technology (IT) and data architectures were inadequate to support the broad management of financial risks. Many banks lacked the ability to aggregate risk exposures and identify concentrations quickly and accurately at the bank group level, across business lines and between legal entities. Some banks were unable to manage their risks properly because of weak risk data aggregation capabilities and risk reporting practices. This had severe consequences to the banks themselves and to the stability of the financial system as a whole.
Principles for Operational Resilience (BCBS)
In the years that followed the Great Financial Crisis (GFC) of 2007–09, the Basel Committee’s reforms of its prudential framework have enhanced the supervision of the global banking system and resulted in a number of structural changes to strengthen banks’ financial resilience. While significantly higher levels of capital and liquidity have improved banks’ ability to absorb financial shocks, the Committee believes that further work is necessary to strengthen banks’ ability to absorb operational risk-related events, such as pandemics, cyber incidents, technology failures and natural disasters, which could cause significant operational failures or wide-scale disruptions in financial markets. In light of the critical role that banks play in the operation of the global financial infrastructure, increasing their resilience would provide additional safeguards to the financial system.