TUESDAY, 20 OCT 2020






brought to you by Barclays

New Guidelines On ICT And Security Risk Management


Information Communication Technology (ICT) and information security risk management are fundamental for a financial institution to achieve its strategic, corporate, operational and reputational objectives. In light of an increasingly interconnected digital economy, the reliance on and complexity of ICT and security risks, and the rise in sophisticated cyber security attacks and incidents, the European Banking Authority (EBA) released the Guidelines on ICT and security risk management (EBA/GL/2019/04).


The guidelines came into force as of 30 June 2020, and will be the EBA's de facto regulatory standard within the ICT and security risk management domain. They are compatible with the three lines of defence model, with the ICT operational units being the first line of defence, and focus in particular on the responsibilities of the management body and the second line of defence (which usually includes the information security function).


They should be read in conjunction with the EBA's regulatory standard on Outsourcing (EBA/GL/2019/02), which outlines how financial institutions should manage outsourcing, taking into consideration the critical role that third parties have to play in protecting the security and resilience of financial institutions. It should also be noted that the guidelines clarify and harmonise the supervisory expectations stemming from the Capital Requirements Directive (CRD) and Payment Services Directive 2 (PSD2).


When applying the guidelines, institutions are expected to consider the principle of proportionality (e.g. in relation to the size, complexity, services / products offered).


The guidelines outline the EBA's expectations on how financial institutions (e.g. payment service providers, credit institutions, investment firms) should manage their ICT and information security risks in order to reduce the likelihood and severity of potential incidents, and cover the following critical areas:

Governance and Strategy

ICT and Security Risk Management Framework

Information Security

ICT Operations Management

ICT Project and Change Management

Business Continuity Management

Payment Service User Relationship Management


Financial institutions should incorporate the guidelines into their overall risk management framework. Firstly, a current state / readiness assessment should be performed in order to identify gaps. This exercise should not be treated solely as a compliance assessment but should be an important action to identify, analyse, and evaluate risks. 


Due to the importance of this step, a number of financial institutions are opting to obtain independent validation. 


Based on the output of the readiness assessment, appropriate risk treatment plans should be derived and a remediation roadmap with priorities determined. As an ongoing risk management process, a reporting mechanism should be in place so that executive management and the board are informed of the status and take informed decisions. 





