Global Trustee and Fiduciary Services Bite-Sized Issue 10 2024

OPERATIONAL RESILIENCE

Risk Associated with Third-party IT Solutions

On 27 September 2024, the Hong Kong Monetary Authority (HKMA) published a circular addressed to the Chief Executives of all Authorized Institutions (AIs), sharing insights gathered from its industry engagement following a recent faulty update of a cybersecurity solution provider. The circular reminds AIs that they should ensure adequate measures are in place to effectively manage third-party dependencies and enhance operational resilience against the failure of third-party IT solutions.

Following the incident, the HKMA says it reached out to major AIs to gather insights on risk management measures aimed at preventing similar incidents in the future. In addition to the principles and guidance provided in the HKMA’s Supervisory Policy Manual modules, Cyber Risk Assessment Framework (C-RAF), and circulars on third-party risk management, the HKMA says it expects the senior management of AIs to ensure that their institutions take into account the good industry practices in reviewing and enhancing their risk management controls.

Link to Circular here
Link to Good Practices here

ECB: Adopting TIBER-EU Will Help Fulfil DORA Requirements

On 26 September 2024, the European Central Bank (ECB) published a paper outlining how the European framework for threat intelligence-based ethical red teaming – the TIBER-EU framework – can help competent authorities and financial entities fulfil the requirements for threat-led penetration testing (TLPT) under the Digital Operational Resilience Act (DORA).

The TIBER-EU framework provides comprehensive guidance on how authorities, financial entities, threat intelligence providers and red team testers should work together to test and improve financial entities’ cyber resilience, by carrying out controlled cyberattacks.

The paper covers the following:

• Why adopting TIBER-EU can help financial entities and authorities to fulfil DORA requirements for TLPT.
• What is the TIBER-EU framework?
• What does adoption of TIBER-EU entail?
• What benefits does the TIBER-EU framework have for authorities and financial entities that need to fulfil the DORA requirements for TLPT?
  – Extensive guidance.
  – Experience and knowledge of TLPT.
  – TIBER-EU Knowledge Centre and community.
• Adopting the TIBER-EU framework as a next step towards fulfilling the DORA requirements for TLPT.

Link to the Paper here
