The Prudential Regulation Authority (PRA), the Bank of England (BoE), and the Financial Conduct Authority (FCA) (the regulators) have published a joint (cover) letter addressing the findings from a recent thematic review of the cyber resilience of diverse financial market participants, including banks, insurance undertakings, asset and investment managers, and Financial Market Infrastructures (FMIs). The (cover) letter briefly describes the objectives of the so-called CBEST assessments, which are used to determine that cyber resilience. These objectives include the following:
– to ensure firms can use the identified weaknesses to identify similar shortcomings in other key business areas and/or functions;
– to raise awareness among senior personnel of cyber resilience and its significance; and
– to support internal audit and risk management in their duties to monitor risks of financial market participants.
The (cover) letter does NOT specify details of the findings, which have been sent to affected firms, but refers to the regulators' Implementation Guide, which firms participating in CBEST assessments are encouraged to review. The guide explains "the key phases, activities, deliverables and interactions involved in a CBEST assessment" to help firms understand the assessments and the processes they involve.