Statement by the Financial System Stability Committee on Cyber Resilience Principles
At the December 6, 2023 meeting of the Financial Policy Committee (FPC) of Bank of Jamaica, 10 Cyber Resilience Principles were approved, on the recommendation of the Financial System Stability Committee (FSSC).
The Cyber Resilience Principles are: (1) Not Just an IT Issue, (2) Legal Basis, (3) Adequate Attention on Agenda, (4) Accountability with Expertise, (5)Transparent, Thorough and Targeted, (6) Defence in Depth, (7)Need-to-know, (8) Least Privilege, (9) Segregation of Duties and (10) Security by Design.
By applying these high-level principles, regulated entities in the Jamaican financial sector are expected to:
- enhance board oversight of cyber risks to ensure cyber resilience within financial institutions;
- strengthen preparedness against cyber threats to facilitate rapid recovery from cyber incidents, thereby safeguarding financial system stability; and
- promote cyber information and threat information sharing across the financial sector, involving both public and private stakeholders, to enhance overall resilience within the interconnected digital ecosystem.
Cyber resilience emphasises the demonstration of the ability to secure critical systems amid cyber threats, ensuring functionality, security, and integrity. It goes beyond cybersecurity by enabling rapid recovery and continuous preparedness in the ever-evolving threat landscape while minimizing spill-over effects to the rest of financial system. The guiding principles on cyber resilience are not prescriptive in nature. Rather, they are intended to promote clarity, durability, and proportionality in setting expectations for the management of cyber risks by the board, management and staff of licensees as well as their third-party technology providers.
Grounded in relevant international standards, the 10 Cyber Resilience Principles, along with several related key focus areas, have been approved by Bank of Jamaica (BOJ), the Financial Services Commission (FSC) and the Jamaica Deposit Insurance Company (JDIC), on the recommendation of the FSSC.
The full publication of the FSSC Cyber Resilience Principles is available at: Cyber-Resilience-Principles.pdf
Financial System Stability Committee
14 December 2023
Background:
The Financial System Stability Committee (FSSC)provides support to Bank of Jamaica in the area of the identification, mitigation and control of systemic macroprudential threats to the financial system. The FSSC is largely tasked with:
(i) undertaking assessments in relation to developments in the financial system and international markets as well as the links between the financial sector and developments in other sectors of the Jamaican economy and the global economy; and
(ii) giving oversight to the design and conduct of periodic stress tests regarding plausible systemic threats to the stability of Jamaica’s financial system.
The FSSC is comprised of Bank of Jamaica (BOJ), the Financial Services Commission, the Jamaica Deposit Insurance Corporation , the Ministry of Finance as well as two members appointed by the Minister of Finance and the Public Service on the recommendation of the BOJ Governor.
The FSSC contributes to the development of prescriptive rules, standards and codes for financial institutions to address gaps and imbalances that could threaten the stability of the financial system. With the passage of the amendments to the Bank of Jamaica Act in 2020, the FSSC also makes recommendations to Bank of Jamaica via the Financial Policy Committee on policies related to the Bank’s financial system stability mandate.
The Financial Policy Committee (FPC)is responsible for the financial policies of Bank of Jamaica including those related to prudential supervision and macro prudential policy (financial system stability). The FPC is also responsible for matters relating to the payments and settlements systems, credit reporting and other financial policy matters for which the Bank has responsibility.
– 30 –