Supervision release 7 March 2022 – 14/2022

Financial Supervisory Authority calls for enhanced monitoring of cyber security

The escalation of the international security situation also increases the possibility of cyber attacks against financial sector actors and service providers. The Financial Supervisory Authority (FIN-FSA) urges its supervised entities to conduct enhanced monitoring of cyber security.

Protection against cyber threats, identifying and responding to cyber incidents

The FIN-FSA urges supervised entities to ensure that their protective measures against various cyber threats are up to date. In addition, it is important to ensure that outsourcing partners also have in place protection against cyber threats.

Supervised entities must ensure rapid detection of security breaches in their ICT environments and their capacity to respond immediately to cyber incidents or disruptions.

Risk assessments, continuity plans and outsourced operations

Supervised entities must keep ICT environment risk assessments, risk management measures and technical protections up to date.

Supervised entities must also ensure that function-specific continuity plans and system-specific recovery plans are kept up to date. In particular, they must ensure that the instructions and operating procedures for handling various security breaches have been updated. The security and continuity of outsourced operations throughout the service chain are also vital, particularly in the current situation, when cyber threats are increasing.

Follow National Cyber Security Centre instructions

The National Cyber Security Centre in Finland bases its national cyber security situation picture on, among other things, the notifications it receives. The FIN-FSA encourages its supervised entities to monitor the state of cyber security via the public authorities, in particular through the National Cyber Security Centre’s bulletins and situation picture reports, to take the National Cyber Security Centre’s guidelines into account in their activities, and to keep a low threshold for notifying the National Cyber Security Centre of suspected security breaches.

Security breaches must be reported to the FIN-FSA

The FIN-FSA must be notified of significant disruptions and faults in services as well as in payment and information systems immediately after they occur. Significant security breaches, and cyber attacks in particular, must also be reported as soon as they are detected.

For further information, please contact

Markku Koponen, Head of Division, telephone +358 9 183 5389

The corresponding Finnish-language supervision release was published on 4 March 2022.