Statement by the Financial System Stability Committee on Cyber Resilience Principles

At the December 6, 2023  meeting of the Financial Policy Committee (FPC) of Bank of Jamaica, 10 Cyber Resilience Principles were approved, on the recommendation of the Financial System Stability Committee (FSSC).

The  Cyber Resilience Principles are: (1) Not Just an IT Issue, (2) Legal Basis, (3) Adequate Attention on Agenda, (4) Accountability with Expertise, (5)Transparent, Thorough and Targeted, (6) Defence in Depth, (7)Need-to-know, (8) Least Privilege, (9) Segregation of Duties and (10) Security by Design.

By applying these high-level principles, regulated entities in the Jamaican financial sector are expected to:

  • enhance board oversight of cyber risks to  ensure cyber resilience within financial institutions;
  • strengthen preparedness against cyber threats to facilitate rapid recovery from cyber incidents, thereby safeguarding financial system stability; and
  • promote cyber information and threat information sharing across the financial sector, involving both public and private stakeholders, to enhance overall resilience within the interconnected digital ecosystem.

Cyber resilience emphasises the demonstration of  the ability to secure critical systems amid cyber threats, ensuring functionality, security, and integrity. It goes beyond cybersecurity by enabling rapid recovery and continuous preparedness in the ever-evolving threat landscape while minimizing spill-over effects to the rest of financial system. The guiding principles on cyber resilience are not prescriptive in nature. Rather, they are intended to promote clarity, durability, and proportionality in setting expectations for  the management of cyber risks by  the board, management and staff of licensees as well as their third-party technology providers.

Grounded in relevant international standards, the 10 Cyber Resilience Principles,   along with several related key focus areas, have been approved by  Bank of Jamaica (BOJ), the Financial Services Commission (FSC) and the Jamaica Deposit Insurance Company (JDIC), on the recommendation of the FSSC.

The full publication of the FSSC Cyber Resilience Principles is available at: Cyber-Resilience-Principles.pdf

Financial System Stability Committee

14 December 2023


The Financial System Stability Committee (FSSC)provides support to  Bank of Jamaica in the area  of the identification, mitigation and control of systemic macroprudential threats to the financial system. The FSSC is largely tasked with:

(i)   undertaking assessments in relation to developments in the financial system and international markets as well as the links between the financial sector and developments in other sectors of the Jamaican economy and the global economy; and

(ii)  giving oversight to the design and conduct of periodic stress tests regarding plausible systemic threats to the stability of Jamaica’s financial system.

The FSSC is comprised of  Bank of Jamaica (BOJ), the Financial Services Commission,   the Jamaica Deposit Insurance Corporation , the Ministry of Finance as well as two members appointed by the Minister of Finance and the Public Service on the recommendation of the BOJ Governor.

The FSSC contributes to the development of prescriptive rules, standards and codes for financial institutions to address gaps and imbalances that could threaten the stability of the financial system. With  the passage of the amendments to the Bank of Jamaica Act in 2020, the FSSC  also makes recommendations to  Bank of Jamaica via the Financial Policy Committee on policies related to the Bank’s financial system stability mandate.

The Financial Policy Committee (FPC)is responsible for the financial policies of  Bank of Jamaica including those related to prudential supervision and macro prudential policy (financial system stability). The FPC is also responsible for matters relating to the payments and settlements systems, credit reporting and other financial policy matters for which the Bank has  responsibility.

– 30 –

Post Author: Editorial Team