A new wave of legislative and regulatory initiatives in the financial sector aims to strengthen the resilience of financial industry players against risk arising from the use of information and communication technology. The key focus of those initiatives is twofold and comprises the introduction of specific governance requirements in relation to information and communication technology risk on the one hand and incident reporting obligations on the other hand.
In addition to sector specific initiatives, cyber risk is increasingly seen as a fundamental cross-sectoral policy field. Recent legislative developments express a growing appetite of policy makers to regulate cyber security in more depth. The evolving policy field leads to a growing complexity of the current landscape to help keeping track of the key legal acts and regulatory guidance applicable to banks operating in Germany. It focusses on the following aspects:
- Sector specific and cross-sectoral governance requirements and reporting obligations;
- Outsourcing of information and communication technology infrastructure, including cloud outsourcing;
- Crisis management in the event of an information security or cyber incident.