Global Trustee and Fiduciary Services Bite-Sized Issue 1 2024

Global Trustee and Fiduciary Services Bite-Sized | Issue 1 | 2024 2 QUICK LINKS BENCHMARKS REGULATION CSDR CYBERSECURITY DEFI DIGITALISATION DORA ELTIF FSB FUND LIQUIDITY MONEYMARKET FUNDS OPERATIONAL RESILIENCE SUSTAINABLE FINANCE/ESG ASIA EUROPE IRELAND NORTH AMERICA UNITED KINGDOM CSDR ESMA Consults on Potential Changes to the CSDR Penalty Mechanism On 15 December 2023 the European Securities and Markets Authority (ESMA) published a consultation paper on ‘Technical Advice to the European Commission on the CSDR penalty mechanism’. ESMA states that the aim of the consultation is to collect evidence and data from stakeholders on the effectiveness of the current penalty mechanism in discouraging settlement fails and incentivising their rapid resolution. In addition, it seeks feedback on ESMA’s preliminary proposals regarding: • Alternative parameters, when the official interest rate for overnight credit charged by the central bank issuing the settlement currency, is not available; • The treatment of historical reference data for the calculation of late matching fail penalties; and • Alternative methods for calculating cash penalties, including progressive penalty rates. The public consultation is open until 29 February 2024. ESMA says that the feedback it receives will feed into its Technical Advice, which is expected to be sent to the European Commission by the end of September 2024. Link to Consultation Paper here CYBERSECURITY Managing Cyber Risk Associated with Third-party Service Providers On 21 December 2023 the Hong Kong Monetary Authority (HKMA) issued a Circular to Chief Executives of all Authorised Institutions (AIs), sharing with the industry a set of sound practices for managing cyber risk associated with the use of third-party service providers. The HKMA states that as digitalisation of banking services advances, AIs are increasingly leveraging technology and third-party services to drive business growth and enhance operational efficiency. Meanwhile, greater reliance on third-party services has heightened AIs’ exposure to cyber risk as threat actors target the weakest link in the supply chain of digital banking services. The HKMA says there was a rise in both the number and sophistication of supply chain attacks that impacted a multitude of global institutions over the past year. Against this backdrop, the HKMA has undertaken a round of thematic examinations focused on AIs’ management of cyber risk associated with the use of third-party services, and has issued the circular to share with the industry the sound practices observed. Sound practices Sound practices, identified from the thematic examinations, provide guidance on how AIs may comply with this requirement. • Ensure sufficient emphasis on cyber risk associatedwith third-parties in risk governance framework; • Holistically identify, assess andmitigate cyber risk throughout the third-partymanagement lifecycle; • Assess supply chain risks associated with third-parties supporting critical operations; • Expand cyber threat intelligence monitoring to cover key third-parties and actively share intelligence with peer institutions; • Strengthen the preparedness for supply chain attacks with scenario-based response strategies and regular drills; and • Continuously enhance cyber defence capabilities through adopting the latest international standards, practices and technologies.