WFC comments on new global Cyber Guidance

In its response to the CPMI-IOSCO consultative report on cyber guidance for financial market infrastructures, the World Forum of CSDs makes recommendations in the following areas:

  1. The WFC welcomes the Guidance as a step forward in raising awareness of the various aspects of cyber resilience. However, any measures taken in the Guidance should be proportionate, so that they accurately reflect the risk profile of CSDs.
  2. Governance: While respecting the crucial difference between a strategy and a framework document, the WFC believes it makes sense to allow CSDs to streamline their policy and use a single document as an outline for their cyber resilience policy.
  3. Identification: The WFC would like CSDs to be able to list their critical functions in terms of priority classes rather than as separate critical business functions and information assets.
  4. Protection: Regulators should be aware that CSDs will not always be in a position to impose their own cyber resilience standards on other entities, especially since FMIs’ standards are particularly strict due to their role as central infrastructures. Furthermore, where possible, a CSD should be able to rely on existing assessments of critical service providers (CSPs), such as independent assurance reports, to demonstrate compliance with the Guidance.
  5. Detection: While fully respecting the importance of actively detecting threats to cyber resilience, regulators should be conscious of the fact that not all CSDs are able to commit the financial and human resources required to carry out zero-day exploits, for example.
  6. Response and recovery: The 2-hour recovery time objectives should be aimed for in the form of a benchmark, but not made a legal requirement. CSDs will seek to resume their operations as soon as possible; assuring the integrity of data, rather than the immediate resumption of operations, is a greater priority.

For more details, read the full response to the CPMI-IOSCO consultative report on cyber guidance for financial market infrastructures.

About ecsdaeu

ECSDA represents 41 national and international central securities depositories (CSDs) across 37 European countries. The association provides a forum for European CSDs to exchange views and take forward projects of mutual interest. It aims to promote a constructive dialogue between the CSD community, European public authorities and all other stakeholders looking to achieve an optimal regulatory framework for clearing and settlement.