Build on experience, shape your future
ROCHAT¦Advisory
regPULSE
ROCHAT¦Advisory welcomes you on regPULSE,
the dedicated Regulatory Digest Platform
What's New
Would you be interested in receiving the "Weekly Regulatory Digest", a key piece of information on a regular basis? Click here for the look and feel of a past issue! Don't hesitate to ask me for a quote or a free trial period.
Wondering what you would get?
This presentation provides a description of the various components making up the delivery package. Have a look; it is worth it!
You will find the latest updates below...
Weekly Regulatory Digest • Last release: WRD24-37/38
19 September 2024
The latest issue of the "Weekly Regulatory Digest" was addressed for subscribers' information, reference, and perusal. This week's delivery included 40 "pulses" from 27 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for recipients' ease of use.
-
Recipients have further been informed that ASIC expanded its operational resilience guidance for market participants [# 18], SBA announced that three Swiss banks signed an MoU to explore the feasibility of a jointly issued CHF deposit token [# 27], FINMA launched enforcement actions against Mirabaud & Cie SA for serious violation of financial market law [# 33], and BaFin invites participants to the sixth digital money laundering conference, which will take place on 5 December 2024. Registration for the conference is now open [# 40]
Weekly Regulatory Digest • Past release: WRD24-36/37
12 September 2024
The latest issue of the "Weekly Regulatory Digest" was addressed for subscribers' information, reference, and perusal. This week's delivery included 46 "pulses" from 34 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for recipients' ease of use.
-
CIIA launched a new Internal Audit Code to strengthen corporate governance [# 25]
-
PRA addressed a Dear CRO Letter on thematic findings of the internal audit review of the CRM framework of non-systemic UK Deposit Takers [# 34]
-
Recipients have further been informed that PRA published the second PS on Basel 3.1 [# 14], PRA published proposals on the strong and simple capital regime for smaller firms [# 15], and FFIEC published the new development, acquisition, and maintenance booklet of the IT examination handbook [# 17].
Weekly Regulatory Digest • Past release: WRD24-35/36
5 September 2024
The latest issue of the "Weekly Regulatory Digest" was addressed for subscribers' information, reference, and perusal. This week's delivery included 42"pulses" from 29 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for recipients' ease of use.
-
IIA published a new Guidance on implementing an internal audit strategic plan [# 25]
-
IIA released Part 2 GKB Social, Human Capital, Culture, on “A Culture Audit Roadmap” [# 26]
-
Recipients have further been informed that BaFin updated the Circular on the supervision and governance of banking products in the retail sector [# 9], FINMA launched a consultation on a new circular addressing consolidated supervision under the BA and FinIA [# 11], NIST signed agreements regarding AI safety research, testing, and evaluation with Anthropic and OpenAI [# 29], IMF published a FinTech Note on CBDC data use and privacy protection [# 32], and BIS published a WP on GenAI and labor productivity: a field experiment on coding [# 37].
Weekly Regulatory Digest • Past release: WRD24-34/35
29 August 2024
The latest issue of the "Weekly Regulatory Digest" was addressed for subscribers' information, reference, and perusal. This week's delivery included 36 "pulses" from 26 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for recipients' ease of use.
-
IIA issued a new issue of Tone at the Top on Auditing Culture [# 17]
-
ECIIA published DORA 2024 – The role and strategies of internal audit at insurance undertakings ahead of the compliance deadline [# 18]
-
Recipients have further been informed that FINMA recognized the minimum standards for the training and further education of insurance intermediaries [# 5], and IIA Global Perspectives & Insight, Sustainability, Part 1 to Part 3.
Weekly Regulatory Digest • Past release: WRD24-33/34
22 August 2024
The latest issue of the "Weekly Regulatory Digest" was addressed for subscribers' information, reference, and perusal. This week's delivery included 42 "pulses" from 26 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for recipients' ease of use.
-
SEBI published a Circular on cybersecurity and cyber resilience framework for SEBI-regulated entities [# 14]
-
NIST released the second public draft of digital identity guidelines (SP-800-63-4, with companion documents A, B, C) for final review [# 27]
-
Recipients have further been informed that HKMA published a Circular on consumer protection in respect of the use of GenAI [# 7], SC’s guidelines on technology risk management are now in effect [# 8], FC adopted an interim solution for withholding tax on too-big-to-fail instruments [# 19], and HKMA published a Circular on good practices in climate-related risk governance [# 28].
Weekly Regulatory Digest • Past release: WRD24-32/33
15 August 2024
The latest issue of the "Weekly Regulatory Digest" was addressed for subscribers' information, reference, and perusal. This week's delivery included 33 "pulses" from 21 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for recipients' ease of use.
-
NIST released the first three finalized post-quantum encryption standards [# 16]
-
Recipients have further been informed that the Swiss Federal Council launched a consultation on the determination of partner states for the AEOI concerning crypto assets [# 11], HKMA and Cyberport Launched the GenAI Sandbox to Bolster AI Adoption in the Financial Sector [# 2], and SEC charged 26 firms more than USD 390m for widespread recordkeeping failures [# 32].
Weekly Regulatory Digest • Past release: WRD24-31/32
8 August 2024
The latest issue of the "Weekly Regulatory Digest" was addressed for subscribers' information, reference, and perusal. This week's delivery included 46 "pulses" from 30 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for recipients' ease of use.
-
NIST released SP 1800-35 preliminary draft practice guide “Implementing a Zero Trust Architecture” [# 28]
-
IIA released a GKB on Internal Audit’s role in human capital management (Social/Human Capital/Culture, Part 1) [# 30]
-
ECIIA released a new paper on risk culture in banking [# 31]
-
Recipients have further been informed that the EU Commission notified that the EU Act on Artificial Intelligence (AI) came into force on 1 August 2024 [# 1]
Weekly Regulatory Digest • Last release: WRD24-30/31
1 August 2024 🇨🇭
The latest issue of the "Weekly Regulatory Digest" was addressed for subscribers' information, reference, and perusal. This week's delivery included 82 "pulses" from 39 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for recipients' ease of use.
-
FINMA published guidance on stablecoins [# 17]
-
ECB consults on governance and risk culture [# 51]
-
NIST published SP 800-231 Bugs Framework: formalizing cybersecurity weaknesses and vulnerabilities [# 56]
-
NIST published SP 800-201 NIST cloud computing forensic reference architecture [# 57]
-
IIA published a revised Global Practice Guide: Assessing the Risk Management Process (2nd Edition) [# 61]
-
Recipients have further been informed that ESAs published a joint final Report on the draft technical standards on subcontracting under DORA [# 21], ECB concluded the cyber resilience stress test [# 54], NIST released various documents linked to President Biden's Executive Order (EO) on the Safe, Secure, and Trustworthy Development of AI [# 55], IASB proposed amendments to IFRS 19 Subsidiaries without Public Accountability: Disclosures [# 58], IASB proposed illustrative examples to improve reporting of climate-related and other uncertainties in financial statements [# 60], and OCC released the cybersecurity and financial system resilience report [# 75].
Weekly Regulatory Digest • Past release: WRD24-29/30
24 July 2024
The news about the CrowdStrike events has spread worldwide. Most regulatory and supervisory authorities have released warnings, best practices, and expectations regarding this matter. Therefore, this information is not included in this WRD.
The latest issue of the "Weekly Regulatory Digest" was addressed for subscribers' information, reference, and perusal. This week's delivery included 44 "pulses" from 31 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for recipients' ease of use.
-
NIST released the risk management framework (RMF) for small enterprises, quick start guide [# 25]
-
IIA published a new resource on generative artificial intelligence (GenAI) governance framework [# 26]
-
Recipients have further been informed that FCA called on firms to improve the treatment of politically exposed persons (PEPs) [# 4], and AMF and BdF called for a well-anticipated move to T+1 Settlement Cycle in the EU [# 33].
Weekly Regulatory Digest • Last release: WRD24-28/29
18 July 2024
The latest issue of the "Weekly Regulatory Digest" was addressed for subscribers' information, reference, and perusal. This week's delivery included 56 "pulses" from 33 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for recipients' ease of use.
-
BCBS published the final disclosure framework for banks' crypto-asset exposures and targeted amendments to its crypto-asset standard [# 39]
-
IIA released GKB on Sustainability Part 3: Change management strategies for successful sustainability governance [# 40]
-
IIA published a report on “Internal Audit: Vision 2035 – Creating Our Future Together” [# 41]
-
Recipients have further been informed that FINMA published the ex-post evaluation report on the disclosure requirements for climate risks [# 1], CSSF informed that the Luxembourg “DORA Law” has been published in the Official Journal [# 2], FINMA published guidance on the obligations of insurance companies regarding their insurance distribution [# 22], BCBS published a report on the recalibration of shocks in the interest rate risk in the banking book standard [# 36], and MAS commits up to SGD 100m to support quantum and AI capabilities in the financial sector [# 52].
Weekly Regulatory Digest • Past release: WRD24-27/28
11 July 2024
The latest issue of the "Weekly Regulatory Digest" was addressed for subscribers' information, reference, and perusal. This week's delivery included 55 "pulses" from 31 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for recipients' ease of use.
-
FATF published a report on the horizontal review of gatekeepers’ technical compliance related to corruption [# 34]
-
BCBS consults on principles for the sound management of third-party risk [# 35]
-
FATF published a report presenting a targeted update on the implementation of FATF standards on VAs and VASPs [# 36]
-
Recipients have further been informed that ESMA launched a consultation on reporting requirements and governance expectations for some supervised entities [# 12], ESMA also consults on Liquidity Management Tools for funds [# 13], and FINMA published a revised ordinance and circulars affecting the insurance sector [# 23].
Weekly Regulatory Digest • Past release: WRD24-26/27
4 July 2024 🇺🇸
The latest issue of the "Weekly Regulatory Digest" was addressed for subscribers' information, reference, and perusal. This week's delivery included 73 "pulses" from 39 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for recipients' ease of use.
-
Wolfsberg Group issued a statement on the effective monitoring of suspicious activity [# 46]
-
Recipients have further been informed that FINRA reminded members of regulatory obligations when using GenAI and LLMs [# 6], EU published the adoption of the new banking package (CRD VI and CRR III) in the Official Journal of the EU [# 26], FINRA published a Cybersecurity Alert on MOVEit Software Vulnerability (CVE-2024-5806) [# 39], and FATF informed about the outcome of the Plenary Meeting from 26 to 28 June 2024 [# 42].
Weekly Regulatory Digest • Past release: WRD24-25/26
27 June 2024
The latest issue of the "Weekly Regulatory Digest" was addressed for subscribers' information, reference, and perusal. This week's delivery included 58 "pulses" from 28 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for recipients' ease of use.
-
Recipients have further been informed that the Swiss Federal Council (FC) launched a consultation on amendments to the Financial Market Infrastructure Act [# 1], FC further confirmed the implementation of the final Basel III standards with effect from 1 January 2025 [# 25], FINRA launched a cyber alert on ONNX Store, purportedly targeting firms in quishing attacks [# 33], MAS announced the publication of Singapore’s National asset recovery strategy [# 37], and finally, UK CIIA business poll reveals AI is likely to fuel a surge in cyber, fraud, and economic crime [# 41].
Weekly Regulatory Digest • Past release: WRD24-24/25
20 June 2024
The latest issue of the "Weekly Regulatory Digest" was addressed for subscribers' information, reference, and perusal. This week's delivery included 45 "pulses" from 35 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for recipients' ease of use.
-
NIST published draft IR-8505 A Data Protection Approach for Cloud-Native Applications [# 17]
-
IIA released a new Tone at the Top on Critical AI governance considerations [# 22]
-
Recipients have further been informed that the Swiss Federal Council (FC) took note of the financial sector’s new self-regulatory provisions to combat greenwashing [# 11], CSSF published a Communiqué on the new AML/CFT Regulation, the sixth AML/CFT Directive, and the future EU AML/CFT supervisor [# 12], ENISA is now authorized as a Common Vulnerabilities and Exposures (SVE) Numbering Authority [# 23], FC published a report on combating cybercrime in Switzerland [# 34], and FINMA concluded its antitrust control procedure in relation to the merger of UBS and CS [# 35].
Weekly Regulatory Digest • Past release: WRD24-23/24
13 June 2024
The latest issue of the "Weekly Regulatory Digest" was addressed for subscribers' information, reference, and perusal. This week's delivery included 38 "pulses" from 28 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for recipients' ease of use.
-
FINMA published Guidance 03/2024 on Cyber Risks [# 6]
-
FINMA published Guidance 04/2024 on Operational Risk Management by FMC and CIS Managers [# 11]
-
NIST consults on IR 8517 Hardware security failure scenarios – Potential weaknesses in hardware design [# 20]
-
Recipients have further been informed that EBA consults on a new framework for operational risk loss [# 4], EFRAG finalized three European Sustainability Reporting Standards (ESRS) implementation guides [# 13], and FINRA issued a Cybersecurity Advisory on SEC amendments to Regulation S-P [# 14].
Weekly Regulatory Digest • Past release: WRD24-22/23
6 June 2024
The latest issue of the "Weekly Regulatory Digest" was addressed for subscribers' information, reference, and perusal. This week's delivery included 44 "pulses" from 31 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for recipients' ease of use.
-
NIST published the draft SP 1800-36 Trusted IoT Device Network-Layer Onboarding and Lifecycle Management [# 24]
-
IIA published GKB Sustainability Part 2: how the focus on sustainability is driving data governance [# 30]
-
IIA released a new GPG on Building an effective internal audit function in the public sector (2nd edition) [# 31]
-
Recipients have further been informed that the ECB launched a consultation on outsourcing cloud services [# 10], EBA and ESMA consult on the review of the investment firms' prudential framework [# 11], ESAs published their final reports on greenwashing in the financial sector [# 15], AMAS and SSF presented the Swiss Climate Scores Template 2.0 [# 18], CSSF published a Communiqué on NPOs and the fight against terrorism financing [# 19], IASB issued narrow-scope amendments to classification and measurement requirements for financial instruments [# 20], CSSF announced a critical vulnerability in Check Point VPN (CVE-2024-24919) [# 21], ESMA provided guidance to firms using artificial intelligence in investment services [# 23], and EDPS released Guidelines on generative AI: embracing opportunities, protecting people [# 25].
Weekly Regulatory Digest • Past release: WRD24-21/22
30 May 2024
The latest issue of the "Weekly Regulatory Digest" was addressed for subscribers' information, reference, and perusal. This week's delivery included 50 "pulses" from 30 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for recipients' ease of use.
-
IFRS Foundation released a Jurisdictional Guide to support regulators to take steps towards ISSB Standards [# 28]
-
Recipients have further been informed that BaFin released a MaRisk for payment and e-money institutions for the first time [# 12], BaFin released the 8th amended MaRisk for banks [# 19], NIST launched ARIA, a new program to advance sociotechnical testing and evaluation for AI [# 27], US Treasury released the first-ever NFT illicit finance risk assessment [# 31], BIS published a paper on generative AI and cybersecurity in central banking [# 33], ECB announced its intention to reform the SREP to deliver more efficient and effective supervision [# 38], and IFRS Foundation and the African Development Bank will join forces to promote sustainability-related financial disclosures [# 40].
Weekly Regulatory Digest • Past release: WRD24-20/21
23 May 2024
The latest issue of the "Weekly Regulatory Digest" was addressed for subscribers' information, reference, and perusal. This week's delivery included 34 "pulses" from 30 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for recipients' ease of use.
-
BCBS published a report on the digitalization of finance [# 15]
-
NIST informed on the US strategic vision on AI safety and plan for global cooperation among AI safety institutes [# 24]
-
Recipients have further been informed that the EU Council approved conclusions for a more cyber-secure and resilient Union [# 8], the Swiss Federal Council (FC) adopted a dispatch (Bill) on strengthening the Swiss anti-money laundering framework [# 11], and COSO and NACD will develop a Corporate Governance Framework with the assistance of PwC US [# 26].
Weekly Regulatory Digest • Past release: WRD24-19/20
16 May 2024
The latest issue of the "Weekly Regulatory Digest" was addressed for subscribers' information, reference, and perusal. This week's delivery included 46 "pulses" from 33 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for recipients' ease of use.
-
NIST finalized the updated Guidelines for protecting sensitive information [# 31]
-
Recipients have further been informed that FINMA consults on revising its Circular on liquidity for insurers [# 10], FC launched a consultation on extending the international automatic exchange of information in tax matters to crypto assets [# 18], FINMA consults on a new circular on the rules of conduct under FinSA [# 19], JFSA released the latest revision of the “Discussion Paper for Dialogues on Practices of IT Governance at Financial Institutions” [# 27].
Weekly Regulatory Digest • Past release: WRD24-18/19
8 May 2024
The latest issue of the "Weekly Regulatory Digest" was addressed for subscribers' information, reference, and perusal. This week's delivery included 37 "pulses" from 24 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for recipients' ease of use.
-
NIST published IR 8504, Access Control on NoSQL Databases [# 20]
-
IIA released the complete Global Internal Audit Standards and mapping documents to the 2017 Standards[# 22]
-
Recipients have further been informed that EBA published the final draft technical standards under the Markets in Crypto-Assets Regulation [# 13], CFTC released a report on Responsible AI in financial markets [# 16], IIA published a Report on the standard-setting and public comment process [# 21], and IIA released an AI use case on operational planning [# 23].
Weekly Regulatory Digest • Past release: WRD24-17/18
2 May 2024
The latest issue of the "Weekly Regulatory Digest" was addressed for subscribers' information, reference, and perusal. This week's delivery included 39 "pulses" from 25 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for recipients' ease of use.
-
BCBS consults on Guidelines for counterparty credit risk management [# 26]
-
IIA released a Global Practice Guide on Internal Auditing and Fraud, 3rd edition [# 28]
-
IIA published a new Tone-at-the-Top issue on “What New SEC Climate-Related Disclosure Rules Mean for Boards?” [# 29]
-
IIA published a report on “Fueling the Internal Audit Student Talent Pipeline: Perspectives from Educators and Practitioners” [# 30]
-
Recipients have further been informed that RBI published a new Guidance Note on Operational Risk Management and Operational Resilience [# 10], FSB introduced a new global standard to support the orderly resolution of a central counterparty (CCP) [# 20], FSB updated the Key attributes of effective resolution regimes for financial institutions [# 21], CSSF announced critical vulnerabilities in Cisco ASA software/appliance and FTD software [# 22], and ISSB published the IFRS Sustainability Disclosure Taxonomy (ISSB Taxonomy) [# 27]
Weekly Regulatory Digest • Past release: WRD24-16/17
25 April 2024
The latest issue of the "Weekly Regulatory Digest" was addressed for subscribers' information, reference, and perusal. This week's delivery included 49 "pulses" from 35 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for recipients' ease of use.
-
IIA released GKB on Sustainability – Part 1: Preparing for the next wave of sustainability regulations [# 33]
-
Recipients have further been informed that ESAs consult on RTS for joint examination teams under DORA [# 2], FINMA announced a review of the existing disclosure requirements related to climate risks [# 9], AFM reminded that EMIR Refit reporting obligations come into effect [# 22], the EU Parliament adopted new rules to combat money-laundering [# 25], G7 cyber expert group conducted a cross-border coordination exercise in the financial sector [# 31], and IIA released a Gen-AI use case demonstration on the risk assessment process [# 34].
Weekly Regulatory Digest • Past release: WRD24-15/16
18 April 2024
The latest issue of the "Weekly Regulatory Digest" was addressed for subscribers' information, reference, and perusal. This week's delivery included 34 "pulses" from 25 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for recipients' ease of use.
-
BCBS consults on the role of climate scenario analysis in managing and supervising climate-related financial risks [# 19]
-
Recipients have further been informed that CSSF informed about a critical vulnerability on Palo Alto Networks PAN-OS [# 14], ESRB published a report on the operational policy tools for cyber resilience [# 17], and BIS published a working paper on “Finternet: the financial system for the future” [# 30].
Weekly Regulatory Digest • Past release: WRD24-14/15
15 April 2024
The latest issue of the "Weekly Regulatory Digest" was addressed for subscribers' information, reference, and perusal. This week's delivery included 41 "pulses" from 33 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for recipients' ease of use.
-
Recipients have further been informed that the Swiss Federal Council proposed measures to close gaps in the too-big-to-fail regulation to foster banking stability following the Credit Suisse collapse [# 7], IASB released the new Standard IFRS 18 Presentation and Disclosure in Financial Statements [# 14], ESAs announced a voluntary dry-run exercise to prepare for the next stage of DORA implementation [# 18], SBA published a discussion paper on Climate Finance [# 27], and FSI published a paper on Stablecoins: regulatory responses to their promise of stability [# 32].
Weekly Regulatory Digest • Past release: WRD24-13/14
4 April 2024
The latest issue of the "Weekly Regulatory Digest" was addressed for subscribers' information, reference, and perusal. This week's delivery included 47 "pulses" from 37 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for recipients' ease of use.
-
NIST consults on SP 800-63r3 - Incident Response Recommendations and Considerations for Cybersecurity Risk Management: A CSF 2.0 Community Profile [# 24]; and
-
IIA recommended ACCA’s publication on AI in the finance profession[# 27].
-
Recipients have further been informed that FATF published an implementation status of Recommendation 15 by FATF members and jurisdictions with materially important VASP activity [# 20]; IIA Opens for Public Comment a Survey for Cybersecurity Topical Requirement (i.e., part of the Global Internal Audit Standards) [# 26]; and HMT acknowledged and responded to the Accelerated Settlement Taskforce report (i.e., acceptance by the UK Government of proposals to introduce the T+1 settlement cycle) [# 30]
Weekly Regulatory Digest • Past release: WRD24-12/13
29 March 2024
The latest issue of the "Weekly Regulatory Digest" was addressed for subscribers' information, reference, and perusal. This week's delivery included 55 "pulses" from 33 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for recipients' ease of use.
-
Wolfsberg Group released the updated Principles for auditing for effectiveness [# 26]
-
ENISA published its 2024 update to the Foresight Cybersecurity threats for 2030 [# 27]
-
COSO published a new report on “Alternate Data: The COSO Perspective” [# 28]
-
IIA published the third Innovation and Technology GKB (Part 3) on Internal Audit’s Tech Talent Challenge [# 31]
-
IIA published a tool and a user’s guide to model internal audit charter [# 32]
-
Recipients have further been informed that FINMA published several ordinances to implement the final Basel III standards [# 16], FINMA recognizes adjustments to the mortgage loans self-regulation [# 17], AMAS announced a new publication on “Sustainability Risk Management” Recommendations [# 24], SBA informed on the new crypto automatic exchange of information [# 33].
Weekly Regulatory Digest • Past release: WRD24-11/12
21 March 2024
The latest issue of the "Weekly Regulatory Digest" was addressed for subscribers' information, reference, and perusal. This week's delivery included 37 "pulses" from 30 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for recipients' ease of use.
-
Recipients have further been informed that EBA updated the list of institutions involved in the 2024 supervisory benchmarking exercise [# 10], IAIS consults on an Application Paper on supervising diversity, equity, and inclusion [# 12], FSB published a revised Guidance on the arrangements to support the operational continuity in resolution [# 13], IAIS consults on climate risk supervisory guidance – ICP guidance and supporting material [# 17], ECB and EBA step up efforts to make banking data reporting more efficient [# 24], and FINMA held its annual media conference on seeking to achieve stability in the financial sector [# 28].
Weekly Regulatory Digest • Past release: WRD24-10/11
14 March 2024
The latest issue of the "Weekly Regulatory Digest" was addressed for subscribers' information, reference, and perusal. This week's delivery included 55 "pulses" from 35 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for recipients' ease of use.
-
NIST released version 2.0 of the landmark Cybersecurity Framework (CSF version 2.0) [# 30]
-
FATF published Guidance on beneficial ownership and transparency of legal arrangements [# 35]
-
Wolfsberg Group announced the revision and update of its Statement on the Suppression of the Financing of Terrorism [# 36]
-
IIA informed that it is reviewing the US SEC's new climate change disclosure rule [# 38] and published a Bulletin on this topic [# 39]
-
IIA released the 2024 North American Pulse of Internal Audit [# 40]
-
Recipients have further been informed that the EU Parliament adopted the Cyber Resilience Regulation to boost the security of digital products [# 23], the EU Parliament adopted a landmark law on Artificial Intelligence (AI) [# 26], and AFM published its third DORA update on how to develop an ICT risk management framework [# 31].
Weekly Regulatory Digest • Past release: WRD24-09/10
7 March 2024
The latest issue of the “Weekly Regulatory Digest” was addressed for subscribers' information, reference, and perusal. This week's delivery included 50 "pulses" from 33 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for ease of use by recipients
-
NIST released an Internal Report IR 8472 on Non-Fungible Token Security [# 30]
-
Wolfsberg Group published an updated Country Risk FAQs [# 31]
-
IIA released a new issue of Tone-at-the-Top on "What New Internal Audit Standards Mean to the Board" [# 36|
-
IIA published the last part of the Privacy and Data Protection report on Insights into an effective collaboration between IA and privacy professionals [# 37]
-
Recipients have further been informed that the EU Commission welcomed the political agreement on the Cyber Solidarity Act [# 24]; and NIST announced its intent to revise SP 800-38D Recommendation for block cipher modes of operation [# 32].
Weekly Regulatory Digest • Past release: WRD24-08/09
29 February 2024
The latest issue of the “Weekly Regulatory Digest” was addressed for subscribers' information, reference, and perusal. This week's delivery included 50 "pulses" from 34 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for ease of use by recipients
-
ENISA published a study on the Best Practices for Cyber Crisis Management [# 33]
-
IIA published a GKB on Innovation and Technology Part 2: Staying on Top of the Organization’s Technology Adoption [# 35]
-
Recipients have further been informed that CBN consults on the risk-based cybersecurity framework and guidelines for deposit money banks and payment service banks [# 1], BaFin updated the MaComp Circular [# 24], FATF published the Outcome of the FATF Plenary, 21 to 23 February 2024 [# 28], FATF consults on Recommendation 16 on payment transparency [# 29], FSB recommended further strengthening of the framework for G-SIBs in Switzerland [# 34], and FDF announced an increase in money laundering and terrorist financing risks due to cryptocurrencies [# 42].
Weekly Regulatory Digest • Past release: WRD24-07/08
22 February 2024
The latest issue of the “Weekly Regulatory Digest” was addressed for subscribers' information, reference, and perusal. This week's delivery included 42 "pulses" from 29 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for ease of use by recipients
-
Recipients have further been informed that BaFin consults on the 8th amendment of MaRisk [# 1], JFSA published an interim progress report on "Improving Internal audits of Financial Institutions" [# 24], and MAS released an advisory on addressing the cybersecurity risks associated with quantum computing [# 26].
Weekly Regulatory Digest • Past release: WRD24-06/07
15 February 2024
The latest issue of the “Weekly Regulatory Digest” was addressed for subscribers' information, reference, and perusal. This week's delivery included 38 "pulses" from 28 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for ease of use by recipients
-
NIST published Special Publication SP 800-223 High-Performance Computing Security [# 16]
-
Recipients have further been informed that the IAASB proposed revisions to strengthen auditors’ efforts related to fraud [# 17], CSSF published a Communiqué on a warning over critical FortiOS vulnerabilities [# 19], and IIA introduced new resources to facilitate the implementation of the New Global Internal Audit Standards [# 25].
Weekly Regulatory Digest • Past release: WRD24-05/06
8 February 2024
The latest issue of the “Weekly Regulatory Digest” was addressed for subscribers' information, reference, and perusal. This week's delivery included 58 "pulses" from 37 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for ease of use by recipients
-
HKMA published a report on the Digitalization of AML / CFT Supervision: Where Now and What Next? [# 53]
-
Recipients have further been informed that BaFin published a supervisory notice on outsourcing to cloud providers [# 5], CSSF published a Warning on Ivanti gateways active vulnerabilities exploited in Luxembourg [# 33], and also ENISA released a Warning on Ivanti Connect Secure and Ivanti Policy Secure vulnerabilities [# 38].
Weekly Regulatory Digest • Past release: WRD24-04/05
1 February 2024
The latest issue of the “Weekly Regulatory Digest” was addressed for subscribers' information, reference, and perusal. This week's delivery included 53 "pulses" from 33 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for ease of use by recipients
-
NIST Published a Draft Internal Report on Access Control on NoSQL Databases [# 30]
-
NIST Consults on a Guide for Mapping Types of Information and Systems to Security Categories [# 31]
-
IIA Released New GKB on Innovation and Technology, Part 1: Internal Audit’s Role in Technology Assurance [# 32]
-
Recipients have been informed that RBI published a Notification on the Streamlining of the internal compliance monitoring function – leveraging the use of technology [# 15], the Swiss FC puts a legal basis for the new L-QIF fund category into force [# 16], OSFI released the final Integrity and Security Guideline [# 20], FSC Seeks to Bolster Cyber and Information Security Capacity and Resilience of Financial Industry [# 22], and FINRA published a Cybersecurity Alert on LockBit (Threat Actor) [# 25].
Weekly Regulatory Digest • Past release: WRD24-03/04
25 January 2024
The latest issue of the “Weekly Regulatory Digest” was addressed for subscribers' information, reference, and perusal. This week's delivery included 40 "pulses" from 24 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for ease of use by recipients
-
Recipients have been informed that EBA consults on Guidelines on the management of ESG risks [# 4], and BaFin is increasing its focus on IT risks [# 32].
Weekly Regulatory Digest • Past release: WRD24-02/03
18 January 2024
The latest issue of the “Weekly Regulatory Digest” was addressed for subscribers' information, reference, and perusal. This week's delivery included 47 "pulses" from 29 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for ease of use by recipients
-
ESAs published the first set of rules under DORA for ICT and third-party risk management and incident classification [# 19]
-
NIST Consults on a Draft Measurement Guide for Information Security in two Volumes [# 27]
-
Separately, recipients have been informed that the Wolfsberg Group published the revised Guidance on SWIFT RMA Due Diligence [# 23].
Weekly Regulatory Digest • Past release: WRD24-01/02
11 January 2024
The latest issue of the “Weekly Regulatory Digest” was addressed for subscribers' information, reference, and perusal. This week's delivery included 32 "pulses" from 25 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for ease of use by recipients
-
NIST Seeks Comments on a Pre-Draft of the Information Security Handbook: A Guide for Managers (SP 800-100) [# 21]
-
IIA Released GKB Cybersecurity Part 3: Cybersecurity Third-Party Risk Management [# 22]
-
IIA Released the 2024 Global Internal Audit Standards [# 23]
-
BIS Published a Bulletin on Testing the Cognitive Limits of Large Language Models [# 24]
-
Separately, recipients have been informed that the EU Commission Reminded that New Rules Boosting the Cybersecurity of EU Institutions Enter into Force [# 17], and the G30 Released a Report on Bank Failures and Contagion: Lender of Last Resort, Liquidity, and Risk Management [# 31]
Weekly Regulatory Digest • Last release: WRD23-52/01
4 January 2024
The latest issue of the “Weekly Regulatory Digest” was addressed for subscribers' information, reference, and perusal. This week's delivery included 23 "pulses" from 13 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for ease of use by recipients
-
ECB announced its intention to stress test the banks' ability to recover from a cyberattack [# 21]
-
Separately, recipients have been informed that the Chinese National Financial Regulatory Administration NFRA (formerly the CBIRC) issued revised Rules on operational risk management of banking and insurance institutions [# 8].
Weekly Regulatory Digest • Past release: WRD23-51/52
28 December 2023
The latest issue of the “Weekly Regulatory Digest” was addressed for subscribers' information, reference, and perusal. This week's delivery included 31 "pulses" from 25 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for ease of use by recipients
-
Separately, recipients have been made informed that HKMA published a Circular on Managing cyber risk associated with third-party service providers [# 1].
Weekly Regulatory Digest • Past release: WRD23-50/51
22 December 2023
The latest issue of the “Weekly Regulatory Digest” was addressed for subscribers' information, reference, and perusal. This week's delivery included 92 "pulses" from 43 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for ease of use by recipients.
-
NIST released two preliminary drafts for migration to the post-quantum cryptography project [# 63]
-
IIA published a new Tone-at-the-Top edition on Risk Considerations for Directors in 2024 [# 68]
-
IIA announced the launch of an AI Knowledge Center [# 69]
-
FINMA published its report on lessons learned from the Credit Suisse crisis [# 83]
-
Separately, recipients have been made aware that BoE, PRA, and FCA consult on Operational resilience: Critical third parties to the UK financial sector [# 2], EU Commission welcomed the political agreement on the Artificial Intelligence Act [# 10], EU Council and Parliament agreed to create a new Anti-money laundering authority AMLA [# 30], FINMA published a guidance on staking services [# 39], and JFSA published the results of the financial industry-wide cybersecurity exercise DELTA Wall VIII [# 57].
Weekly Regulatory Digest • Past release: WRD23-49/50
14 December 2023
The latest issue of the “Weekly Regulatory Digest” was addressed for subscribers' information, reference, and perusal. This week's delivery included 66 "pulses" from 34 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for ease of use by recipients.
-
Separately, recipients have been made aware that BoE, PRA, and FCA consult on Operational resilience: Critical third parties to the UK financial sector [# 2], EU Commission welcomed the political agreement on the Artificial Intelligence Act [# 10], EU Council and Parliament agreed to create a new Anti-money laundering authority AMLA [# 30], FC decided to further develop the Swiss Climate Scores [# 39], EIB and multilateral development banks published the first common principles for nature-positive finance [# 41], FINRA Released a Cybersecurity Advisory on Holiday Cybersecurity Practices [# 44], IIA-France outlined an approach to using ChatGPT on a private document without compromising security and confidentiality [# 48], and IIA’s Standards Board Approved the Global Internal Audit Standards [# 49].
Weekly Regulatory Digest • Past release: WRD23-48/49
7 December 2023
The latest issue of the “Weekly Regulatory Digest” was addressed for subscribers' information, reference, and perusal. This week's delivery included 66 "pulses" from 43 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for ease of use by recipients.
-
FSB published a toolkit for enhancing third-party risk management and oversight [# 32]
-
ENISA published a new report on the Treat Landscape for DoS Attacks – 2023 [# 37]
-
IIA published a new GKB on Cybersecurity Part 2: Artificial Intelligence – Cybersecurity Friend and Foe [# 39]
-
Separately, recipients have been made aware that the EU Commission welcomed the political agreement on the Cyber Resilience Act [# 6], ESAs put forward amendments to sustainability disclosures for the financial sector [# 11], IOSCO consults on promoting the integrity and orderly functioning of the Voluntary Carbon Markets [# 27], AFM published a DORA update: emphasis on managing IT risk for third-party providers [# 49], and NIST provided access to the Cybersecurity and Privacy Reference Tool (CPRT) [# 53].
Weekly Regulatory Digest • Past release: WRD23-47/48
30 November 2023
The latest issue of the “Weekly Regulatory Digest” was addressed for subscribers' information, reference, and perusal. This week's delivery included 61 "pulses" from 38 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for ease of use by recipients.
-
Separately, recipients have been made aware that the Swiss Federal Council amended the Capital Adequacy Ordinance to implement the final Basel III standards to enter into force in 2025 [# 22], BCBS published a report on implementing Principles for effective risk data aggregation and reporting [#33], BCBS consults on a disclosure framework for climate-related financial risk [# 37], and BIS published a Supervisory newsletter on the adoption of POR and PSMOR [#48].
Weekly Regulatory Digest • Past release: WRD23-36/37
14 September 2023
The latest issue of the “Weekly Regulatory Digest” was addressed for subscribers' information, reference, and perusal. This week's delivery included 39 "pulses" from 31 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for ease of use by recipients.
-
NIST Released SP-800-207A on A Zero Trust Architecture Model for Access Control in Cloud-Native Applications in Multi-Location Environments [# 20]
-
BIS - Upside down: when AT1 instruments absorb losses before equity [# 33]
-
Separately, recipients have been made aware that the EU Commission proposed to simplify tax rules and reduce compliance costs for cross-border businesses [# 8], the IMF published A Guide to CBDC Product Development [# 14], AMAS released a Circular on Best practice regarding the environmental indicators for real estate funds [# 16], the OECD published the revised G20/OECD Principles of Corporate Governance and, separately, the Factbook 2023 [# 17], and FINMA published the Insurance market report 2022 [# 25].
Weekly Regulatory Digest • Past release: WRD23-35/36
7 September 2023
The latest issue of the “Weekly Regulatory Digest” was addressed for subscribers' information, reference, and perusal. This week's delivery included 38 "pulses" from 23 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for ease of use by recipients.
-
Swiss Federal Council Launched a Consultation on the Introduction of a Public Liquidity Backstop (PLB) for SIBs [# 8];
-
ENISA Published a Report on the Subsea Cable Ecosystem [# 13]
-
NIST Released IR 8472ipd on Non-Fungible Token Security [# 14]
-
NIST Released IR 8408 on Understanding Stablecoin Technology and Related Security Considerations [# 17]
-
NIST Released IR 8450 on Overview and Considerations of Access Control Based on Attribute Encryption [# 18]
-
SBA Informed about the Publication of the Report of the Group of Experts on Banking Stability Following the Acquisition of CS by UBS [# 26]; and
-
SBA also published the 2023 Banking Barometer, Including the Swiss Banking Outlook for the first time [# 29].
Weekly Regulatory Digest • Past release: WRD23-34/35
31 August 2023
The latest issue of the “Weekly Regulatory Digest” was addressed for subscribers' information, reference, and perusal. This week's delivery included 36 "pulses" from 23 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for ease of use by recipients.
-
NIST consults on SP 800-50r1 Building a Cybersecurity and Privacy Learning Program [# 17]
-
NIST consults on SP 800-204D Strategies for the Integration of Software Supply Chain Security in DevSecOps CI/CD Pipelines [# 20]
-
FINMA discontinued the recognition of SBA’s “Allocation Directives for the New Issues Market” as a minimum standard [# 9]
-
US Agencies consult on a proposal requiring large banks to maintain long-term debt to improve financial stability and resolution [# 10]
-
US Agencies proposed a guidance to enhance the resolution planning at large banks [# 11]
-
FC launched a consultation on strengthening the Swiss anti-money laundering framework [# 13]
-
Separately, recipients have been made aware that FINRA issued a Cybersecurity Alert on all exploited Barracuda Email Security Gateway (ESG) appliances (FBI Flash) [# 16].
Weekly Regulatory Digest • Past release: WRD23-33/34
24 August 2023
The latest issue of the “Weekly Regulatory Digest” was addressed for subscribers' information, reference, and perusal. This week's delivery included 34 "pulses" from 20 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for ease of use by recipients.
-
FINMA Published Guidance on Money Laundering Risk Analysis [# 15]
-
CSSF published a Warning on unauthenticated remote code execution vulnerability in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) [# 20]
-
IIA Published a GKB on "The Artificial Intelligence Revolution", Part II: Revisiting The IIA's Artificial Intelligence Framework [# 22]
-
IIA Published a New Tone-at-the-Top on "A Watershed Moment in Sustainability Reporting" [# 23]
-
IMF Published a Paper on Financial Stability Risks from Crypto-assets in Emerging Market Economies [# 31]
-
Separately, recipients have been made aware that FINMA Released Guidance 04/2023 on Important Next Steps in Insurance Intermediation [# 5], FINMA revised the Ordinance and Various Circulars Affecting the Insurance Sector [# 9], FINMA Published the Results of its Market Analysis of Life Insurer's Sample Calculations [# 11], CSSF Published its Report on the 2021-2023 Marketing Communications under the CBDF Regulation [# 17], and IIA Informed that the IIASB is Reviewing the Feedback Received on the Consultation on the Global Internal Audit Standards [# 21].
Weekly Regulatory Digest • Past release: WRD23-32/33
17 August 2023
The latest issue of the “Weekly Regulatory Digest” was addressed for subscribers' information, reference, and perusal. This week's delivery included 30 "pulses" from 23 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for ease of use by recipients.
-
NIST Unveiled New Cybersecurity Framework 2.0 Reference Tool [# 16]
-
NIST Consults on New Report on Developing Cybersecurity and Privacy Concept Mapping [# 20]
-
Separately, recipients have been made aware that MAS Finalized the Stablecoin Regulatory Framework [# 6]; the US DFS Announced a Nation-Leading Cybersecurity Strategy [# 21], and the UK FCA Invited PEPs to Share their Experience [# 26].
Weekly Regulatory Digest • Past release: WRD23-31/32
10 August 2023
The latest issue of the “Weekly Regulatory Digest” was addressed for subscribers' information, reference, and perusal. This week's delivery included 36 "pulses" from 21 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for ease of use by recipients.
-
NIST consults on the initial public draft of the NIST Cybersecurity Framework 2.0 [# 20]
-
DFSA published a report on the Cyber Simulation Exercise [# 21]
-
Separately, recipients have been made aware that EBA updated the timeline for the implementation of the IRB roadmap and published the first supervisory handbook for the validation of IRB rating systems [# 11], the FED provided additional information on its program to supervise novel activities in the banks it oversees [# 14], and CSSF published the Thematic Review report on the implementation of sustainability-related provisions in the investment fund industry [# 22].
Weekly Regulatory Digest • Past release: WRD23-30/31
3 August 2023
The latest issue of the “Weekly Regulatory Digest” was addressed for subscribers' information, reference, and perusal. This week's delivery included 55 "pulses" from 30 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for ease of use by recipients.
-
SC – Guidelines to Strengthen Technology Risk Management of Capital Market Entities [# 23]
-
IIA Bulletin – SEC new Cybersecurity Disclosure Rules [# 39]
-
Separately, recipients have been made aware that the US Agencies consult on proposed rules to strengthen capital requirements for large banks ("Basel End Game", over 1,000 pages) [# 6], and the US Agencies also updated their Guidance on liquidity risks and contingency planning [# 14].
Weekly Regulatory Digest • Past release: WRD23-29/30
27 July 2023
The latest issue of the “Weekly Regulatory Digest” was addressed for subscribers' information, reference, and perusal. This week's delivery included 50 "pulses" from 31 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for ease of use by recipients.
-
SEC – New Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure Rules [# 19]
-
NIST – Final macOS Security Guidance and Resources NIST SP 800-219r1 [# 26]
-
IFRS – Comparison of IFRS S2 with TCFD Recommendations [# 31]
-
IIA GKB – The Artificial Intelligence Revolution, Part I: Understanding, Adopting, and Adapting to AI [# 36]
-
Separately, recipients have been made aware that the SEC proposed new requirements to address risks to investors from conflicts of interest associated with the use of predictive analytics [# 20]; ISSB consults on proposed digital taxonomy to improve global accessibility and comparability of sustainability information [# 35].
Weekly Regulatory Digest • Past release: WRD23-28/29
20 July 2023
The latest issue of the “Weekly Regulatory Digest” was addressed for subscribers' information, reference, and perusal. This week's delivery included 50 "pulses" from 28 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for ease of use by recipients.
-
Separately, recipients have been made aware that FSB finalized the global regulatory framework for crypto-asset activities [# 24]; EBA published its fourth Opinion on ML / TF risks across the EU [# 33]; and ESMA published a follow-up report of the peer review of the Compliance function under MiFID I [# 34].
Weekly Regulatory Digest • Past release: WRD23-27/28
13 July 2023
The latest issue of the “Weekly Regulatory Digest” was addressed for subscribers' information, reference, and perusal. This week's delivery included 67 "pulses" from 34 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for ease of use by recipients.
-
IIA – released a new IIA and AFC Fraud and Emerging Tech Report on Identity and Authentication with PPP [# 42]
-
Separately, recipients have been made aware that this week has been particularly rich in crypto asset-related "Pulses" (including CBDC).
Weekly Regulatory Digest • Past release: WRD23-27/28
6 July 2023
The latest issue of the “Weekly Regulatory Digest” was addressed for subscribers' information, reference, and perusal. This week's delivery included 53 "pulses" from 35 different authorities / standard setters.
-
The package included the content of the "WRD" as an Excel Extract for ease of use by recipients.
-
EU Commission – New rules to ensure stronger enforcement of the GDPR in cross-border cases [# 22]
-
IIA – Bulletin on ISSB's Global Climate and Financial Sustainability Disclosure Standards [# 38]
-
IIA – GRC Part 3: How Digital Transformation is Transforming GRC [# 39]
-
IIA – Next Steps on Proposed New Global Internal Audit Standards [# 40]
-
Separately, recipients have been made aware that BaFin updated the MaComp Circular [# 10], SEBI launched a consultation on Consolidated Cybersecurity and Cyber Resilience Framework for SEBI Regulated Entities [# 21], FATF launched two consultations: (i) Revision of Recommendation 8 and its Interpretive Note [# 26], and (ii) Revision of the Best Practice Paper to Combat the Abuse of Non-Profit Organizations [#27], IOSCO proposed detailed Guidance for Open-Ended Fund Use of Anti-Dilution Liquidity Management Tools [# 35], FSB consults on policies to address vulnerabilities from liquidity mismatch in open-ended funds [# 36], and BCBS consults on revisions to the Core principles for effective banking supervision [# 37].