Guidance on cyber resilience for financial market infrastructures
The Cyber Guidance aims to add momentum to and instil international consistency in the industry's ongoing efforts to enhance its cyber resilience.
The Cyber Guidance aims to enhance the ability of Financial Market Infrastructures (FMIs) to pre-empt cyber-attacks, respond rapidly and effectively to them, and achieve faster and safer target recovery objectives if the attacks succeed. In addition, the Cyber Guidance provides authorities with a set of internationally agreed guidelines to support consistent and effective oversight and supervision of FMIs in the area of cyber risk.
At its core, the Cyber Guidance requires FMIs to instil a culture of cyber risk awareness and to demonstrate ongoing re-evaluation and improvement of their cyber resilience posture at every level within the organisation. Furthermore, while the guidance is directly aimed at FMIs, it is important for them to take an active role in reaching out to their participants and other relevant stakeholders to promote understanding and support of resilience objectives and their implementation. Effective solutions may require collaboration between FMIs and their stakeholders as they seek to strengthen their own cyber resilience.
The Cyber Guidance does not establish additional standards for FMIs beyond those already set out in the Principles for Financial Market Infrastructures (PFMI). Instead, the document is intended to be supplemental to the PFMI, primarily in the context of governance (Principle 2), the framework for the comprehensive management of risks (Principle 3), settlement finality (Principle 8), operational risk (Principle 17) and FMI links (Principle 20).