CUBE RegNews: 20th February

Greg Kilminster

Greg Kilminster

Head of Product - Content

ECB issues final revised guide to internal models     

The European Central Bank (ECB) has issued a final revised guide to internal models. The guide provides transparency on how the ECB understands the rules governing the internal models used to compute own funds requirements for credit, market, and counterparty credit risk.  

The guide’s revisions include clarifications on the following: 

  • How banks should include climate-related and environmental risks in their models,  
  • How banks can revert to the standardised approach to calculating risk-weighted assets  
  • How banks can measure default risk in trading book positions.  
  • How banks can move towards a common definition of default and a consistent treatment of “massive disposals” concerning credit risk. 

The ECB has also released a feedback statement summarising the comments received from the related public consultation and the resulting ECB’s evaluation. 

Click here to read the full RegInsight on CUBE’s RegPlatform

MAS issues advisory letter on managing cybersecurity risks from quantum computing      

The Monetary Authority of Singapore (MAS) has released an advisory letter that offers guidance on managing cybersecurity risks that could arise from the latest developments in quantum computing. The letter emphasizes the potential vulnerabilities of commonly used encryption and digital signature algorithms and underscores the importance of financial institutions (FIs) taking appropriate measures to ensure quantum-resistant encryption and safeguard financial transactions and sensitive data. 

The letter briefly discusses recent developments and highlights mitigating measures that FIs should consider, such as: 

  •  Keeping up with the latest advancements in quantum computing by connecting with relevant industry groups, research bodies, or Information Sharing and Analysis Centers (ISACs). 
  • Increasing awareness of cybersecurity risks internally by involving senior management and externally by ensuring that relevant third-party vendors comprehend the potential threats. 
  • Maintaining an inventory of cryptographic assets and identifying crucial assets to be prioritized for migration to quantum-resistant encryption.
  • Developing strategies and building capabilities to address cybersecurity risks associated with quantum computing. 

This letter should be read as supplementary information to MAS notices and guidelines, such as notice on Technology Risk Management (TRM), notice on cyber hygiene, TRM guidelines, and outsourcing guidelines. 

Click here to read the full RegInsight on CUBE’s RegPlatform

APRA proposes changes to prudential requirements for operational risk financial requirement          

The Australian Prudential Regulation Authority (APRA) has released proposed amendments to the prudential requirements and guidance regarding the operational risk financial requirement (ORFR). This consultation comes after APRA issued a discussion paper on financial resources for risk events in superannuation in November 2022. 

After considering the feedback received, APRA has recommended changes to Prudential Standard SPS 114 Operational Risk Financial Requirement (SPS 114) and the associated Prudential Practice Guide SPG 114 Operational Risk Financial Requirement (SPG 114). These changes aim to: 

  • Clarify the purpose of the ORFR. 
  • Establish a clear and direct relationship with Prudential Standard CPS 230 Operational Risk Management (CPS 230). 
  • Expand the range of uses for the ORFR. 
  • Revise the notification requirements to facilitate the use of the ORFR. 


The deadline for feedback is 13 May 2024. 

Click here to read the full RegInsight on CUBE’s RegPlatform