Operational resilience and cyber


In 2016, Danmarks Nationalbank and the financial sector established a new collaboration forum aiming to increase operational resilience capability within the sector, including resilience to cyberattacks. The name of this forum is the Financial Sector forum for Operational Resilience, FSOR.

​Daily transfers in the Danish financial system average almost kr. 600 billion. This corresponds to more than a quarter of Denmark's GDP. To ensure correct and timely settlement of these transactions, the financial sector uses complex IT systems and is interconnected via data centres and payment and settlement systems. Sector participants must safeguard their own systems, but there is also a need for a concerted and coordinated effort to ensure that the overall financial system is resilient to operational risks, including e.g. cyber risks, which constitute a special type of operational risk.

Danmarks Nationalbank put operational risks and cyber risks on the agenda of the Systemic Risk Council in December 2015, and at follow-up discussions with the financial sector there was broad agreement that formalised sector collaboration in this area was required. Consequently, Danmarks Nationalbank set up the Financial Sector forum for Operational Resilience (FSOR) aiming to increase operational resilience, including cyber resilience, in Denmark.

The FSOR is a forum for collaboration between authorities and key financial sector participants. Danmarks Nationalbank chairs and acts as secretariat of the FSOR.

The FSOR's vision is that the Danish financial sector should be best in class in Europe when it comes to countering the threat from cybercrime, so that it:

  • continues to provide a secure and efficient infrastructure, and
  • supports the Danes' continued trust in the digital solutions of the Danish financial sector.

The tasks of the FSOR are to:

  • ensure a common overview of operational risks that may have a cross-sector impact and that could potentially pose a threat to financial stability in Denmark,
  • decide on and ensure implementation of joint measures to ensure financial sector resilience to major operational incidents, including cyberattacks,
  • create a framework for collaboration and information sharing – within the sector, between different sectors and internationally.

The FSOR held its first meeting in June 2016. Since then, the following initiatives have been carried out:

  1. Cross-sector crisis response has been established to manage serious operational incidents, including cyberattacks.
  2. A cyber stress test of the cross-sector crisis response plans has been conducted.
  3. Critical participants and core functionality have been identified. The infrastructure has been mapped and mapping of interdependencies between the various participants has begun.
  4. Danmarks Nationalbank and the Danish Financial Supervisory Authority have mapped the cyber resilience capability of key participants in relation to cyberattacks.

 

FSOR participants

  • Banks and mortgage banks: Danske Bank, DLR Kredit, Jyske Bank, Nordea, Nykredit, Sydbank
  • Payment and settlement systems: Nets, VP Securities
  • Data centres: Bankdata, BEC, JN Data, SDC
  • Industry associations: Danish Bankers Association, Danish Insurance Association, Association of Danish Mortgage Banks
  • Authorities: Centre for Cyber Security, Ministry of Business, Danish Financial Supervisory Authority, Danmarks Nationalbank
  • Others: e-nettet, the Financial Stability Company, Nasdaq

    Danmarks Nationalbank chairs and acts as secretariat of the FSOR.  

 

Cyber security in the financial sector - Vision 2020

The Danish financial sector should be best in class in Europe when it comes to countering the threat from cybercrime, so that it:

  • continues to provide a secure and efficient infrastructure, and
  • supports the Danes' continued trust in the digital solutions of the Danish financial sector.

To realise this vision, initiatives must be implemented within three main areas:

  • strengthened collaboration within the sector and improved scope for action for individual sector participants
  • stronger collaboration with relevant stakeholders both nationally and internationally
  • increased awareness and knowledge of cyber security

More about the vision and press release