UK clearing houses to be subject to formal cybersecurity reporting

Clearing houses in the UK will have to complete regular cybersecurity reports due to new legislation likely to be introduced in May 2018.

The legal update will put the UK's regulation of cyber security in financial market infrastructures much more in line with current EU directives around critical infrastructure, including the Network and Information Security (NIS) Directive.

The EU's Directive allows each member state to define what is classed as an 'essential service' and therefore covered by the legislation. 

Earlier this month the UK government stated that firms operating in banking and financial market infrastructure would be exempted from classification as 'essential service' operators, despite the Directive stating that such firms fall within its scope.

The latest report, published by legal online news site, suggests that the UK plans to codify cybersecurity reporting for clearing houses in separate legislation to the UK's proposed new NIS laws.

The government said that "provisions at least equivalent to those specified in the Directive will already exist by the time the Directive comes into force" in the context of cybersecurity obligations and notification duties in the banking and financial market infrastructure sectors.

It said that firms in those sectors "must continue to adhere to requirements and standards as set by the Bank of England and/or the Financial Conduct Authority".

The Bank of England has taken a number of steps to underline the significance of cybersecurity for market participants and infrastructure operators, including payment networks, central securities depositories and clearing houses. Its last annual report described cybersecurity as "a supervisory priority".

And the Bank's Financial Stability Report, issued in June, detailed its vulnerability testing of the market's infrastructure operators and participants, including the identification of certain weaknesses in terms of cyber risks and the need to step up its cybersecurity efforts.

"In some cases, controls on the integrity of systems and confidentiality of data needed to be strengthened," the Bank said. "In others, the tests identified the need for further investment in capabilities to detect, mitigate and respond to attacks. And in general, the tests highlighted the importance of firms continuing to invest in their people, processes and technology in order to counter the risks of cyber attack."
