Rules Navigator

FSB on FIRE, wants defences clarified

Cover of FIRE consultation document
Photo: FSB

Martin Cloake

 Click to share on Facebook (Opens in new window/tab) Click to share on Twitter (Opens in new window/tab) Click to share on LinkedIn (Opens in new window/tab) Click to share on WhatsApp (Opens in new window/tab)

International body consults on common format for reporting operational incidents.

A push for greater convergence in incident reporting frameworks has been launched by the Financial Stability Board (FSB). The international body is keen to reduce fragmentation which could threaten financial stability.

It has launched a consultation on a Format for Incident Reporting Exchange (FIRE) that aims to create “a common format for financial firms’ reporting of operational incidents, including cyber incidents.” The format builds on recommendations published by the FSB in 2023.

The FSB says: “Greater convergence between reporting frameworks will support financial institutions’ efficient incident response and recovery, as well as more effective supervision and cooperation among authorities.” It says the framework “provides a set of common information items for reporting incidents” and “maximises flexibility and interoperability.”

Three distinct types of reporting have been identified by the FSB;

  • Institution-initiated reporting – reports made when incidents meet criteria of one of more financial authorities or are reported voluntarily.
  • Authority-initiated reporting – incident information is reported after a request made by one or more authorities in order to understand the effects of sector-wide incidents
  • Periodic reporting – incident-related information gathered on a regular basis, rather than being event-driven, from regulated institutions.

FIRE focuses on “defining common information items for institution-initiated reporting” because that is the most prevalent type of reporting. It covers the reporting of operational incidents, including cyber incidents, primarily from financial institutions to financial authorities. The inclusion of cyber resilience extends the scope of the FSB’s work in that area.

While detailed reporting by institutions outside the financial sector does not come within FIRE’s primary scope, the FSB believes the framework is sufficiently flexible for use by non-financial institutions. Financial entities can also choose to use FIRE in their dealings with third-party providers.

The consultation period will be used to validate that the framework is fit for purpose, and to test its robustness. Responses to the consultation need to be submitted via a secure online form by December 19, 2024.

, , , , ,

You may also like