The UK Government is finalizing a set of new regulations that will make cyber security reports mandatory for clearing houses to operate in the country.
Slated for launch May 2018, the new legislation is on the lines of the strict measures taken by the EU around its critical market infrastructures which includes the Network and Information Security (NIS) Directive.
Under the EU directive, each constituent state must establish what’s ‘essential service’ and get it covered under the regulation.
Despite the Directive, the UK had earlier taken a stand that firms operating in the banking and financial sector would be exempted from the ‘essential service’ classification.
In its latest report, however, the British government plans to codify the cybersecurity reporting for clearing houses, strictly adhering to a separate legislation under the proposed new NIS laws.
According to media reports, the government’s “provisions at least equivalent to those specified in the Directive will already exist by the time the Directive comes into force”.
The proposed ruling is that the clearing houses and related firms must adhere to regular requirements and standards as would be set by the Bank of England and/or the Financial Conduct Authority, UK.
A number of mission critical operatives will come under the purview of this statutory conditions of Bank of England, including payment networks, central securities depositories and clearing houses. Noting cybersecurity as a ‘supervisory priority’, the central Bank has taken up the issue with much attention to micro and macro level protection and control across the national infrastructure.
With the coming of the new regulations, Bank of England and the government institutions related to the industry hope to plug all vulnerable areas by testing operators and participants, including their identification of certain weaknesses in the cyber risk exposures.
“In some cases, controls on the integrity of systems and confidentiality of data needed to be strengthened,” the Bank said. “In others, the tests identified the need for further investment in capabilities to detect, mitigate and respond to attacks. And in general, the tests highlighted the importance of firms continuing to invest in their people, processes and technology in order to counter the risks of cyber attack.”
