top of page
  • Writer's pictureDeborah

Last November, 2022 the Bank for International Settlements (BIS) and the International Organization of Securities Commissions (IOSCO) published their Level 3 assessment of cyber resilience on 37 Financial Market Infrastructures (FMIs) from 29 jurisdictions.

This report raised issues of concern relating to cyber response and recovery plans, as well as resilience planning and testing:

  1. The first serious issue of concern relates to principle 17 (operational risk), key consideration 6 that states an FMI’s business continuity plan should be designed to ensure that critical information technology systems resume operations within two hours following disruptive events. The assessment found that a small number of FMIs had not developed their cyber response and recovery plans to meet this recovery time objective.

  2. In addition, another small number of FMIs with established plans were not able to meet the two-hour window under extreme attack scenarios

  3. Furthermore, a number of FMIs are not conducting cyber resilience testing after a significant systems change. Such testing would include backup data integrity, vulnerability assessments and penetration testing

  4. Multiple FMIs may not be conducting comprehensive scenario-based testing

  5. Some FMIs did not include external parties such as critical service providers

The report also provides nine observations concerning practices, metrics and testing.

Recent Posts

See All

Product Corner - VAs : Quèsaco

Virtual Assets (VAs) or crypto assets refer to : “any digital representation of value that can be digitally traded, transferred or used for payment. It does not include digital representation of fiat

Upcoming Regulatory Deadlines to Watch

10 Aug 2023 - Deadline to submit comments to FCA Guidance Consultation (GC23/1) on crypto asset financial promotions. 5 Sep 2023 - Effective date of SEC Cybersecurity Risk Management, Strategy, Govern


bottom of page