BaFin Considering Cybersecurity Stress Tests

Tuesday, 20/11/2018 | 15:49 GMT by David Kimberley
  • Speaking in Frankfrut, Willam Hufeld said that the regulator is working on new rules with the German central bank.
BaFin Considering Cybersecurity Stress Tests
FM

The head of the Federal Financial Supervisory Authority (BaFin) said on Tuesday that financial institutions need to strengthen their cybersecurity procedures.

Speaking at a conference in Frankfurt, Felix Hufeld, the president of the German regulator, said that “IT security is a matter for the boss.”

At the same event, Hufeld also said that BaFin and Germany’s central bank - the Deutsche Bundesbank - were considering forcing banks to start running cybersecurity stress tests.

Currently, there is some legislation in action throughout the European Union that forces firms to adhere to certain practices.

Most notably, General Data Protection Regulation (GDPR), which anyone who has stepped foot in an office over the past two years will be aware of, went live earlier this year.

GDPR - not enough for BaFin

BaFin president felix hufeld in a black suit and white shirt

BaFin President Felix Hufeld

The hope and joy of workers all across the globe, GDPR requires firms to report any data breaches affecting EU residents within 72 hours. It also allows site users to more easily opt-out of sharing their data.

Breaches of the Regulation are also harsh. Firms that slip up can be fined €20 million ($22.79 million) or 4 percent of their annual revenue - whichever is higher.

Though GDPR has been the talk of every board meeting for the past couple of years, it is not exactly cybersecurity regulation.

In fact, its precepts are much more geared towards - as its name suggests - protecting customer data. True, there are fines for not reporting data breaches, but it doesn’t require firms to do anything to protect that data.

To those working in Liquidity or banking book risk, Hufeld’s suggested stress tests will be familiar.

Regulators’ endless demands for liquidity stress tests, whether it be meeting the net stable funding ratio (NSFR) or liquidity coverage ratio (LCR), give some idea as to what a cybersecurity stress test may look like.

Will the cyborgs in Brussels and Berlin start mandating them soon? Watch this space.

The head of the Federal Financial Supervisory Authority (BaFin) said on Tuesday that financial institutions need to strengthen their cybersecurity procedures.

Speaking at a conference in Frankfurt, Felix Hufeld, the president of the German regulator, said that “IT security is a matter for the boss.”

At the same event, Hufeld also said that BaFin and Germany’s central bank - the Deutsche Bundesbank - were considering forcing banks to start running cybersecurity stress tests.

Currently, there is some legislation in action throughout the European Union that forces firms to adhere to certain practices.

Most notably, General Data Protection Regulation (GDPR), which anyone who has stepped foot in an office over the past two years will be aware of, went live earlier this year.

GDPR - not enough for BaFin

BaFin president felix hufeld in a black suit and white shirt

BaFin President Felix Hufeld

The hope and joy of workers all across the globe, GDPR requires firms to report any data breaches affecting EU residents within 72 hours. It also allows site users to more easily opt-out of sharing their data.

Breaches of the Regulation are also harsh. Firms that slip up can be fined €20 million ($22.79 million) or 4 percent of their annual revenue - whichever is higher.

Though GDPR has been the talk of every board meeting for the past couple of years, it is not exactly cybersecurity regulation.

In fact, its precepts are much more geared towards - as its name suggests - protecting customer data. True, there are fines for not reporting data breaches, but it doesn’t require firms to do anything to protect that data.

To those working in Liquidity or banking book risk, Hufeld’s suggested stress tests will be familiar.

Regulators’ endless demands for liquidity stress tests, whether it be meeting the net stable funding ratio (NSFR) or liquidity coverage ratio (LCR), give some idea as to what a cybersecurity stress test may look like.

Will the cyborgs in Brussels and Berlin start mandating them soon? Watch this space.

About the Author: David Kimberley
David Kimberley
  • 1226 Articles
  • 19 Followers
About the Author: David Kimberley
  • 1226 Articles
  • 19 Followers

More from the Author

Institutional FX

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}