GFMA has released its Financial Data Handling Principles for Banks and Non-Banks as a voluntary set of principles drawn from international best practices. The principles are based on both the U.S. NIST Cybersecurity Framework and the European Union’s General Data Protection Regulation (GDPR).
Cybersecurity & Operational Resilience
Cybersecurity is an inherently cross-border issue that is critical to modern capital markets.
GFMA has worked with its members and policymakers to promote cybersecurity practices that support the policy objectives of both regulators and firms in an efficient manner.
GFMA response to the Financial Stability Board (FSB) Consultative Document on a Cyber Lexicon.
Updated GFMA Penetration Testing White Paper, “A Win-Win Approach to Regulator-Guided, Firm-Led, Safe, Secure and Scalable Penetration Testing”
Related: GFMA Publishes Cybersecurity Penetration Testing Framework - 3 April 2018
This Framework is designed to create an agreed upon approach for regulators and financial services firms to conduct effective testing to satisfy both supervisory and firm originated requirements.
See: Press Release
GFMA and Other Associations Submit Comments to Multiple Agencies on Regulatory‐Mandated Third‐Party Penetration Testing
GFMA, along with other trade associations, provided comments to a group of domestic and international regulatory agencies on Regulatory‐Mandated Third‐Party Penetration Testing. We encourage a dialogue on industry concerns over the recent proliferation of penetration testing regulations and guidance from regulators, SROs, and government agencies around the world, and the downstream impact on the financial services industry. Among other agencies, the OCC, FRB, SEC, CFTC, FINRA, and Treasury all received this letter.
GFMA, the European Banking Federation (EBF), and International Swaps and Derivatives Association (ISDA) publish a paper, “International Cybersecurity, Data and Technology Principles,” that offers the groups’ thoughts on foundational principles for the formation of effective policy on cybersecurity, data and technology.
GFMA provides comments to the International Organization of Securities Commissions (IOSCO), the BIS’ Committee on Payments and Market Infrastructures (CPMI), and others commending their proactive role in addressing cybersecurity, and encouraging them to work jointly with industry to defend against cyber attacks and cyber crime and increase the protection of financial markets and financial market participants.
Industry Unveils Cybersecurity Profile to Help Financial Institutions Develop and Maintain Cyber Risk Management Programs
Washington, D.C., October 25, 2018 -- In response to a survey of chief information security officers from financial institutions that indicated nearly 40% of their time was spent on compliance and reconciling competing, duplicative, redundant, and inefficient cybersecurity supervisory examinations, the Financial Services Sector Coordinating Council (FSSCC) led a group of financial trade associations today in unveiling a new Cybersecurity Profile. The new document provides a framework that integrates widely used standards and supervisory expectations to help guide financial institutions in developing and maintaining cybersecurity risk management programs and is the result of two years’ work and collaboration among financial institutions, trade groups, and government agencies. It was spearheaded by FSSCC, the American Bankers Association; Bank Policy Institute and its technology policy subdivision BITS; Futures Industry Association; Global Financial Markets Association and its member associations of the Association for Financial Markets in Europe, the Asia Securities Industry & Financial Markets Association, and the Securities Industry and Financial Markets Association; the Institute of International Bankers, the Institute of International Finance, and FIA.
“The Cybersecurity Profile represents the industry’s commitment to working together to preserve the safety and soundness of the financial system by mitigating and protecting its institutions, their customers and the broader economy from increasing cybersecurity risks,” said Chris Freeney, President of BITS and Executive Committee Member and Policy Committee Co-Chair of the FSSCC. “The Cybersecurity Profile is a first of its kind document that will help the industry harmonize its approach to cybersecurity risk management.”
“There is no greater threat to financial stability than a large-scale cyber event, and robust public private partnerships are the most effective way to manage cyber threats,” said Tom Wagner, Managing Director at SIFMA and Vice Chair of the FSSCC. “The financial services industry is constantly working to improve cyber defenses, resiliency and recovery through massive monetary investment in technology and personnel, regular training, best practices development, and industry tests. The Cybersecurity Profile is the latest example of our commitment to keeping our industry and our clients safe.”
“The industry took up the challenge to find a cybersecurity roadmap that works for both community banks and global banks,” said Denyette DePierro, vice president and senior counsel in ABA’s Center for Payments and Cybersecurity. “It’s an exciting moment and a new, innovative approach to regulation that could be applied to other areas of supervision and oversight.”
The Profile offers a common, credible approach to cybersecurity and assessment and is complementary to the NIST cybersecurity framework. Specifically, the Profile seeks to provide financial institutions and the third-party providers more consistent and efficient processing of examination material by firms and regulators. It also helps regulators and firms to prioritize resources and focus on cyber threats of greatest concern. And it seeks to establish a common set of industry best practices.
The Profile uses a questionnaire to identify the risk and complexity of a company and match the company with an appropriate, customized, and focused cybersecurity assessment. With its tailoring, the Profile enables front-line defenders to optimize their time on security activity, rather than compliance. For example, as compared against another widely used diagnostic, a community bank could reduce the number of questions it might answer by as much as 73%.
Indeed, the Profile is intended for use by any type of financial institution or third-party provider to a financial institution. The industry designed the Profile to be a framework that scales across institutions of varying complexity, interconnectedness, and criticality, and it incorporates regulatory expectations and best practices from across the sector and around the globe.
Also see: The Financial Services Sector Coordinating Council (FSSCC) for Critical Infrastructure Protection and Homeland Security Financial Services Sector Cybersecurity Profile here.
| Sarah Grano (ABA), email@example.com | William Goodwin (IIB), firstname.lastname@example.org |
| Sean Oblack (BPI), email@example.com | Dylan Riddle (IIF), firstname.lastname@example.org |
| Katrina Cavalli (GFMA), email@example.com | Steve Adamske (FIA), firstname.lastname@example.org |
About the American Bankers Association. The American Bankers Association is the voice of the nation’s $17 trillion banking industry, which is composed of small, regional and large banks that together employ more than 2 million people, safeguard $13 trillion in deposits and extend nearly $10 trillion in loans. Learn more at aba.com.
About the Bank Policy Institute. The Bank Policy Institute (BPI) is a nonpartisan public policy, research and advocacy group, representing the nation’s leading banks and their customers. Our members include universal banks, regional banks and the major foreign banks doing business in the United States. Collectively, they employ almost 2 million Americans, make nearly half of the nation’s small business loans, and are an engine for financial innovation and economic growth. Learn more at www.bpi.com.
About the Global Financial Markets Association. The Global Financial Markets Association (GFMA) represents the common interests of the world's leading financial and capital market participants, and speaks for the industry on the most important global market issues. GFMA's mission is to provide a forum for global systemically important banks to develop policies and strategies on issues of global concern within the regulatory environment.
The Global Financial Markets Association (GFMA) brings together three of the world’s leading financial trade associations to address the increasingly important global regulatory agenda and to promote coordinated advocacy efforts. The Association for Financial Markets in Europe (AFME) in London, Brussels and Frankfurt, the Asia Securities Industry & Financial Markets Association (ASIFMA) in Hong Kong and the Securities Industry and Financial Markets Association (SIFMA) in New York and Washington are, respectively, the European, Asian and North American members of GFMA.
About Institute of International Bankers. The Institute of International Bankers is the only national association devoted exclusively to representing and advancing the interests of internationally headquartered banking organizations operating in the United States. The IIB’s membership consists of approximately 90 banking and financial institutions from over 35 countries. In the aggregate, IIB members’ U.S. operations have approximately $5 trillion in U.S. banking and non-banking assets, and provide approximately 25 percent of all commercial and industrial bank loans made in this country. Collectively, the U.S. branches and other operations of IIB member institutions enhance the depth and liquidity of the U.S. financial markets and are an important source of liquidity in those markets, including for domestic borrowers.
About the Institute of International Finance. The Institute of International Finance is the global association of the financial industry, with close to 450 members from more than 70 countries. Its mission is to support the financial industry in the prudent management of risks; to develop sound industry practices; and to advocate for regulatory, financial and economic policies that are in the broad interests of its members and foster global financial stability and sustainable economic growth. IIF members include commercial and investment banks, asset managers, insurance companies, sovereign wealth funds, hedge funds, central banks and development banks.
About FIA. FIA is the leading global trade organization for the futures, options and centrally cleared derivatives markets, with offices in Brussels, London, Singapore and Washington, D.C. FIA’s membership includes clearing firms, exchanges, clearinghouses, trading firms and commodities specialists from more than 48 countries as well as technology vendors, lawyers and other professionals serving the industry. FIA’s mission is to support open, transparent and competitive markets, protect and enhance the integrity of the financial system, and promote high standards of professional conduct. As the principal members of derivatives clearinghouses worldwide, FIA’s member firms play a critical role in the reduction of systemic risk in global financial markets.
Global Trade Organization Aims to Facilitate Global Regulatory and Industry Coordination on Cybersecurity
HONG KONG, LONDON and WASHINGTON, 3 April 2018 – The Global Financial Markets Association (GFMA) today published
Global Trade Organization Aims to Facilitate Global Regulatory and Industry Coordination on Cybersecurity
HONG KONG, LONDON and WASHINGTON, 11 December 2017 – The Global Financial Markets Association (GFMA) today published a set of principles to guide the development of a commonly accepted f