Banks and payment infrastructures are to inform the Bank of Russia about the economic impact of cyber attacks

Photo: wk1003mike / shutterstock

Starting 1 July 2018, the Bank of Russia changes the reporting template on instances of the violation of information protection during funds transfer operations to be used by banks and payment infrastructures. The reporting will not include technical indicators describing the ways and reasons underlying the occurrence of incidents threatening cyber security. However, the template will introduce economic indicators to describe the consequences of these incidents for operators and their clients.

Specifically, operators will inform the Bank of Russia of the sums of money which might be stolen and which have been actual stolen during the reporting period. The amount of funds stolen and subsequently returned by operators to their clients will be an important indicator. It will help the Bank of Russia to assess the quality of performance by operators of their obligation to repay stolen funds to their clients, as established by the law ‘On the National Payment System’. The new reporting template will also include indicators characterising continuity of funds transfer services in the situation of a cyber attack.

Following the occurrence of such incidents, operators will submit information on the technical characteristics of these attacks to the Bank of Russia Financial Sector Computer Emergency Response Team (FinCERT).

The amended reporting template will enhance the reliability of information on instances associated with the violation of information protection during funds transfers, as well as the efficiency of risk control measures employed by funds transfer operators and payment infrastructures. Besides, such submitted information will facilitate a more accurate assessment of the quality of risk and capital management systems at banks and banking groups.

14 June 2018

× Закрыть