On May 30, 2025, CHI CB issued finalized measures, gave answers to press; measures include a duty to promptly report cybersecurity incidents affecting AML systems.
The measures will be effective from Aug. 1, 2025.
On Jan. 24, CHI CB proposed measures for reporting cyber incidents.
CHI CB drafted Administrative measures for reporting cybersecurity incidents in the business domains of the CHI CB, to align with cybersecurity and data security legislation which requires FIs to report incidents as part of their legal obligations.
Proposed Measures
Introduce graded system for cybersecurity incidents, categorizing them as particularly significant, significant, moderate, or minor, with clear standards for each grade.
Standardize incident reporting requirements, covering procedures before, during, and after incidents, and extend these requirements to non-banking financial institutions.
New measures detail reporting responsibilities, processes, timelines, and content, enabling the CHI CB to better monitor cybersecurity trends and responses.
The proposal comprises five chapters: general provisions, graded management, incident reporting, legal responsibilities, as well as supplementary provisions.
Penalties framework for non-compliance while allowing for leniency in certain cases.
Consultation End
Comment period for the consultation closes on Feb. 24, 2025.
May 2025 Measures Finalized
On May 30, 2025, CHI CB issued finalized measures, gave answers to press; measures include a duty to promptly report cybersecurity incidents affecting AML systems.
