On February 9, 2018, the BoE published a consultation paper on a new rule to formalize the supervisory expectation that CCPs will report any incidents relating to their information technology systems to the BoE. The BoE's move from a supervisory expectation to a rule will align its requirements with the U.K.'s approach to implementing the Cyber Security Directive. Under that Directive, CCPs are classed as operators of essential services and must take measures to manage risks to their network and information systems as well as notify their regulator of incidents which have a significant impact on the continuity of the services they provide.
The consultation paper states that the BoE encourages other financial market infrastructures to follow the rule. However, it will not be a binding requirement for them.
The consultation closes on April 3, 2018. The rule is expected to come into effect by May 9, 2018, which is the date by which Member States must implement the Cyber Security Directive.
The consultation paper is available at: https://www.bankofengland.co.uk/-/media/boe/files/paper/2018/new-rule-for-central-counterparties-relating-to-incident-reporting.pdf?la=en&hash=7BDD695F203DCDC5D52B1A44463C01D047382EB8.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.