Cyber Resilience: Regulatory Compliance

Cyber threats have emerged as a systematic concern for the financial sector, and especially for the Financial Market Infrastructures (FMI’s), because of their unique role and characteristics. In this context, the ECB has imposed the financial sector to comply with multiple cyber resilience regulations. The sector has made extensive efforts to comply with these expectations by implementing one  or more cyber security frameworks (NIS, ISO27001, COBIT …). Yet it remained difficult to properly comply with the expectations of the regulator due to a lack of operational and detailed methodology. The ECB has recognised this issue and has published the Cyber Resilience Oversight Expectations (CROE) as a solution. This methodology sets out clear criteria for the FMI’s to work with, establishing a detailed basis for discussion with the regulator. The great news is that the ECB has used existing international cyber resilience frameworks as input for developing the CROE, meaning that the efforts to comply with one of these standards can be built upon to accelerate compliance with CROE.

In this brochure we would like to give you some initial insights in the CROE and show you how it can be used as an opportunity to streamline your current cyber resilience landscape.