"Cybersecurity, Data and Technology Principles" for the Financial Industry

On 9 May 2016, the European Banking Federation (EBF), the Global Financial Markets Association (GFMA, comprised of ASIFMA, AFME and SIFMA) and the International Swaps and Derivatives Association (ISDA) agreed on common principles to promote effective global policy on cybersecurity, data and Technology. The "International Cybersecurity, Data and Technology Principles" offer key elements which are vital for new legal standards and technological affecting the technology infrastructure of globally acting financial services firms.

Two Crucial Issues

The paper highlights two crucial issues that must be recognized before principles for effective policymaking can be established:

• Global Problem: 
  First, cybersecurity, data protection and technological advancement are international issues requiring global solutions.
    
• Speed of Change: 
  Second, cybersecurity threats, risks, and the technology that mitigate them shift faster than regulations and standards can respond. Effective regulations will go beyond assessing whether an institution is compliant with a particular standard and instead ensure that sufficient people, processes and technology are in place to manage risks.

Suggested Approach

The paper concludes that the best approach for developing technology policies is open and transparent formulation and implementation, which allows stakeholders to provide meaningful input to regulators. This helps ensure that the resulting regulations are effective, compatible with global norms, and unlikely to cause unintended consequences.

In particular, effective prudential frameworks and policies must allow companies to conduct their own risk assessments and determine what technology best meets their security needs.

(Ga)

"International Cybersecurity, Data and Technology Principles", 9 May 2016