Regulatory Alerts2009-11-25
Reporting of ICT Incidents to the Financial Supervisory Authority
The Norwegian Financial Supervisory Authority (Finanstilsynet) has amended the ICT Regulation to mandate that financial institutions report ICT incidents causing significant functional reductions due to breaches of confidentiality, integrity, or availability. This circular establishes the reporting procedures, timelines, and content requirements, replacing previous guidance from 2007 to enhance risk management and market stability. The requirement applies to most regulated entities, excluding specific pension funds, debt collection agencies, and real estate agencies, and aligns with Basel II operational risk management standards.
Share