BaFin Pushes for Tougher Cybersecurity Measures

In recent years, several stress tests have been carried out to assess the capital adequacy of large EU banks. On Tuesday, the president of Germany's BaFin stated that the regulator is considering carrying out another one on cybersecurity.

November 21, 2018 | AtoZ Markets - The President of the Federal Financial Supervisory Authority (BaFin), Felix Hufeld, has stated that the cybersecurity procedures of financial institutions need to be strengthened.

BaFin's President Urges Greater Focus on Cybersecurity

While speaking on Tuesday at a conference in Frankfurt, Germany, Hufeld stated that the banks have more to do in cracking down on cybercrime. This also includes spending more on identifying risks as well as paying greater attention to the issue at the management level.

The president of Germany's financial market watchdog has been quoted as saying: “IT security is a matter for the boss”.

At the same event, the president further stated that BaFin and the nation's central bank – the Deutsche Bundesbank – were making plans to force banks to start carrying out cybersecurity stress tests. At the moment, there is some ongoing legislation throughout the European Union that compels companies to comply with certain practices.

What the GDPR stands for

Most notably, the General Data Protection Regulation (GDPR), a legal framework that sets guidelines for the collection and processing of personal data of individuals within the European Union (EU), came into effect across the EU on May 25, 2018.

This important change in data privacy regulation mandates companies to report – within 72 hours – any data breaches affecting EU residents. Under the terms of GDPR, site users are allowed to easily opt out of sharing their data.

There are also stiff penalties when the regulation is breached. A company that is reckless can be fined €20 million or 4 percent of the firm's annual revenue – whichever is higher.

Although the GDPR has, for the past couple of years, been the focal point of every board meeting, it is not exactly a cybersecurity regulation. As the name suggests, its precepts are very much geared towards protecting customer data.

Regulators demand liquidity stress tests

While there are penalties for not reporting data breaches, it is true that the GDPR doesn’t require firms to do anything to protect that data. Meanwhile, for those working in the liquidity or banking sector, Hufeld’s suggested stress tests sound familiar.

Whether it is meeting the Net Stable Funding Ratio (NSFR) or the Liquidity Coverage Ratio (LCR), the endless demands by regulators for liquidity stress tests give some idea as to what a cybersecurity stress test might look like.

But the question is, will Brussels and Berlin's cyborgs start mandating them soon? Watch this space.
