The European Banking Federation (EBF), the Global Financial Markets Association (GFMA, comprised of ASIFMA, AFME and SIFMA) and the International Swaps and Derivatives Association (ISDA) today announced they are seeking to encourage effective global policy measures on cybersecurity, data and technology through a new set of common principles.
The principles are published in the paper called International Cybersecurity, Data and Technology Principles
, and are designed as a starting point for dialogue with policy-makers, industry and other stakeholders at the global level. The principles offer key considerations to be taken into account when a nation or one of its agencies or standard-setting bodies creates laws, regulations, or standards that affect the technology infrastructure of financial services firms operating globally.
The groups are submitting these principles to the Financial Stability Board (FSB) and the International Organization of Securities Commissions (IOSCO), each uniquely positioned as international standard-setting organizations, to seek their views and guidance on this process.
“A strong, open and resilient technological ecosystem is essential to the health and protection of financial markets. Increased reliance on and use of technology creates benefits, but also engender inherent risks,” the groups note in the paper. “We applaud governments for paying closer attention to this critically important issue. It is also important, however, that countries and jurisdictions tackling risks do not create rules that inadvertently force global businesses to fragment their technology systems, impeding competition and innovation and thereby harming investors.”
The paper highlights two crucial issues that must be recognized before principles for effective policy-making can be established. First, cybersecurity, data protection and technological advancement are international issues requiring global solutions. Second, cybersecurity threats, risks, and the technology that mitigate them shift faster than regulations and standards can respond. Effective regulations will go beyond assessing whether an institution is compliant with a particular standard and instead ensure that sufficient people, processes and technology are in place to manage risks.
The paper concludes that the best approach for developing technology policies is open and transparent formulation and implementation, which allows stakeholders to provide meaningful input to regulators. This helps ensure that the resulting regulations are effective, compatible with global norms, and unlikely to cause unintended consequences. In particular, effective prudential frameworks and policies must allow companies to conduct their own risk assessments and determine what technology best meets their security needs.