Judicial and law enforcement authorities in Europe, Australia, the United States, Ukraine and Canada have taken down a website that allowed fraudsters to impersonate trusted corporations or contacts to access sensitive information from victims, a type of cybercrime known as ‘spoofing’. The website is believed to have caused an estimated worldwide loss in excess of GBP 100 million (EUR 115 million). In a coordinated action led by the United Kingdom and supported by Eurojust and Europol, 142 suspects have been arrested, including the main administrator of the website.

Continue reading…

The Bank for International Settlements’ Committee on Payments and Market Infrastructures (CPMI) and the International Organisation of Securities Commissions (IOSCO) has on November 29th published an assessment showing reasonably high adoption of their Cyber Guidance by FMIs. The report – Implementation monitoring of the PFMI: Level 3 assessment on Financial Market Infrastructures’ Cyber Resilience – presents the results of an assessment of the state of cyber resilience (as of February 2021) at 37 FMIs from 29 jurisdictions that participated in this exercise in 2020–22. The Level 3 assessment covered all FMI types, ie, systemically important payment systems (PSs), central securities depositories (CSDs), securities settlement systems (SSSs), central counterparties (CCPs), and trade repositories (TRs).  Continue reading…

The NBFI sector continues to gain relevance and increasingly provides credit intermediation and funding services to the real economy. This results in both direct and indirect interconnections between banks and NBFIs through multiple channels. The Committee is concerned about the growth of these exposures, given the often opaque and quickly evolving nature of the attendant risks. Recent episodes of NBFI distress, including the collapse of Archegos Capital Management and events leading to stresses in government bond markets (eg liability-driven investment strategies), have highlighted vulnerabilities and deficiencies in banks’ risk management practices. The Committee recently conducted a risk horizon scanning exercise related to banks’ NBFI activities and discussed supervisory and policy implications resulting from the recent distress of specific NBFIs. Continue reading…

The Financial Stability Board (FSB) Regional Consultative Group for Europe met on 10 November in Lisbon to discuss global and regional economic and financial market developments, including recent work to address vulnerabilities in non-bank financial intermediation and to promote consistent and effective regulation of crypto-assets and markets as well as stablecoin arrangements. Members also received an update on planned FSB work for 2023, including proposed deliverables to the Indian G20 Presidency. Members discussed the increasingly challenging outlook for financial stability globally and in the region arising from volatile commodity prices, high inflationary pressures and vulnerabilities in the non-bank financial system amidst heightened geopolitical tensions and tightening global financial conditions. Members also discussed challenges arising from climate change related financial exposures, cyber threats and structural changes due to digital innovation. Continue reading…

In the wake of the news that crypto exchange FTX is on the brink of collapse, Matt Smith, CEO and co-founder of compliance technology and data analytics firm, SteelEye made some comments about the part Binance played in FTX’s fall from grace: “The digital assets market has been rocked – once again – by the near collapse of one of the sector’s leading players, FTX. Despite huge inflows of investment, FTX was reckoning with a “liquidity crunch”. Surging withdrawals – reportedly amounting to $6 billion in just three days – plummeted the crypto exchange’s valuation, and FTT, FTX’s native coin, collapsed by 72% in just 24 hours.” Continue reading…

On 10 November 2022, the European Parliament adopted the Digital Operational Resilience Act. DORA is an EU regulation that sets out to establish a uniform and comprehensive framework for the digital operational resilience of the financial sector. Nearly all regulated financial entities are in scope of DORA. They will have to put in place sufficient safeguards to protect against cyber and other ICT risks, in their internal processes but also in their existing and new contracts with ICT service providers. Continue reading…

The Financial Stability Board (FSB) has published a consultative document on Achieving Greater Convergence in Cyber Incident Reporting. Timely and accurate information on cyber incidents is crucial for effective incident response and recovery and promoting financial stability. The proposals take a comprehensive approach and include: Continue reading…

The EU Agency for the Cooperation of Energy Regulators (ACER) and the European Securities and Markets Authority (ESMA) are strengthening their cooperation to further improve information exchange and avoid potential market abuse in Europe’s spot and derivative markets. The two EU agencies have a long-established cooperative relationship considering the interlinkages between spot and derivative energy markets. One of the fora where this cooperation takes place is the Energy Trading Enforcement Forum (ETEF) where the energy National Regulatory Authorities (NRAs), the financial National Competent Authorities (NCAs), ESMA and ACER discuss implementation issues concerning market abuse rules and share their experience in relation to their supervisory activity and enforcement actions to ensure consistency across the EU.  Continue reading…

by Mark Worth

Revealing the inadequacy of the world’s second-oldest whistleblower system, a new report finds UK officials release “scant or no information at all” about what happens to disclosures after citizens submit them. Many UK public agencies that are legally required to investigate whistleblower reports provide “generic or vague” information about their responses to the disclosures, according to the London-based NGO Protect. In a “significant” number of cases, the agencies took “limited or no action” or did not provide enough information about what – if any – action they took when a citizen reported crime or corruption. Continue reading…