Earlier this week, the International Organisations of Securities Commissions (IOSCO) released their Cyber Task Force Final Report.
In a formal statement, IOSCO indicated that this report, prepared by the IOSCO Cyber Task Force, provides an overview of cyber standards and frameworks used by member regulators and is meant to be used as a resource by financial market regulators and firms.
Cyber Task Force Chairman, Christopher Giancarlo, said that:
As Chairman of the IOSCO Cyber Task Force, I am pleased to announce the publication of the IOSCO Cyber Task Force’s Final Report. This international effort was led by regulators with significant input from the private sector. The report offers a path, based on existing cyber frameworks, for jurisdictions around the world who are interested in developing a new cyber security and resilience regime or improving an already existing regime.
The international regulator said they hope, ultimately, that members and firms internationally will use this an opportunity to review their standards.
A survey conducted for the Report indicated that most firms operating in the jurisdiction of IOSCO’s financial members see cyber risk as one of the most important threats to their organisation, with 81 per cent of respondents noting cyber risk as one of the most significant threats.
Source: IOSCO Cyber Task Force Report
ASIC & cyber risk
The Australian Securities and Investments Commission (ASIC) are financial members of IOSCO and have been promoting the conversation around cyber risk and cyber resilience for some time.
At the end of 2016, then ASIC Chairman, Greg Medcraft, listed the regulator’s vision as:
Promoting investor and consumer trust and confidence;
Ensuring fair and efficient markets; and
Providing efficient registration.
His five noted challenges to conduct regulators at the time were:
conduct risk and the balance between a free, market-based system with investor and financial consumer protection;
digital disruption and cyber resilience in our financial services and markets;
structural change in our financial system through market-based financing which is driven by the growth in superannuation;
complexity in financial markets and products driven by innovation; and
globalisation of financial markets, products and services.
In their recent reminder about ASIC’s expectations for the full-year financial reports, the regulator indicted that, when it comes to operating reviews and financial review, it is expected that Listed companies would provide what the regulator highlighted as ‘meaningful data’, and that includes risks and other matters that could have material impact on the position and future performance of the entity.
ASIC said, regarding the changes in financial reporting:
This could include, for example, matters relating to climate change, market changes, digital disruption, new technologies, Brexit or cyber-security.
Cyber risk was also highlighted as an emerging risk in the May Market Integrity Report, alongside conduct governance and effective capital markets.