Institutional cooperation and dialogue with the market

In order to effectively address cyber risks in the financial sector, Banca d'Italia cooperates with other authorities and institutions in major national, European and international forums, and engages with the market. This page describes:

• objectives;
• cooperation in Italy;
• cooperation in Europe;
• international cooperation;
• dialogue with the market.

Objectives

To enhance the cyber resilience of individual operators and of the financial system as a whole, cooperation between governments, authorities and market players plays a crucial role. Such cooperation enables the development of an approach aimed at: i) promoting the convergence of policies, rules and standards for cyber risk management; ii) encouraging the adoption of best practices in risk prevention and management, facilitating the exchange of information and promoting targeted exercises, thus strengthening the understanding of cyber events and the competencies at different levels; iii) coordinating responses to large-scale crises.

Cooperation in Italy

Italy has a dedicated institutional architecture and a National Cybersecurity Strategy, whose implementation is led by the National Cybersecurity Authority (ACN), based on close collaboration between national institutions, economic sectors, academia and the world of research to develop a coordinated national approach to the challenges of cybersecurity and digital development.

As part of this, Banca d'Italia and the ACN work together on: i) sharing intelligence in the event of a large-scale cyber crisis in the European financial system, and conducting national and international exercises; ii) strengthening cooperation in the financial sector, including through the Computer Emergency Response Team for the Italian financial sector (CERTFin); iii) sharing information and cooperating in the protection against cyber threats, on the basis of a specific agreement concluded by the Bank through its own CERT (see 'The cyber resilience of Banca d'Italia').

La Banca d'Italia also collaborates with the other financial authorities to draft national regulations (see 'Legislation and guidelines'), to facilitate the exchange of information on cyber-threat levels and to coordinate with one another in the event of an incident or a crisis.

In particular, Banca d'Italia has adopted: with Consob, a strategy to strengthen the cyber resilience of the financial sector through purpose-designed measures and instruments; with Consob and Ivass, the TIBER-IT National Guidance as a common model for conducting advanced cybersecurity tests based on the threats to the Italian financial system.

On account of the specific nature of cyber risk and the complexity of the digital financial services system, Banca d'Italia cooperates with authorities in other sectors and with police forces to prevent and combat computer and cybercrime, including crimes involving money laundering.

Further information:

• National Cybersecurity Strategy (external link)

• Memorandum of Understanding between Banca d'Italia and the National Cybersecurity Agency

• Bank of Italy and Consob joint strategy for cybersecurity in the financial sector

• Report to Parliament of the Financial Security Committee ‒ MEF (external link, only in Italian)

Cooperation in Europe

Banca d'Italia partecipates in:

• Eurosystem and the European Central Bank (ECB): the Market Infrastructure and Payments Committee (MIPC), which defined the Eurosystem's strategy for the cyber resilience of financial Infrastructures in order to better prepare entities and the overall financial system (see 'Legislation and guidelines').
• The Eurosystem also hosts the Euro Cyber Resilience Board for pan-European Financial infrastructures (ECRB), an authority-industry forum for strategic dialogue on cyber resilience, chaired by the ECB, involving representatives of pan-European financial infrastructures, card schemes, critical service providers, central banks and other European authorities and agencies, including the European Union Agency for Cybersecurity (ENISA) and EUROPOL. The Cyber Intelligence and Information Sharing Initiative ‒ CIISI-EU was established at the ECRB to share information on preventing, detecting and responding to cyberattacks. Banca d'Italia participates in the CIISI-EU as a payment system operator at national level (see BI-Comp) and within the Eurosystem (see TARGET Services).
• European Systemic Risk Board (ESRB): to work on preventing and mitigating systemic risk, including cyber risk.

Further information:

• BCE - Euro Cyber Resilience Board for pan-European Financial Infrastructures (external link)

• Cyber security: Major European financial infrastructures join forces against cyber threats

International cooperation

Banca d'Italia partecipates in:

• G7: as part of the Cyber Expert Group (CEG), in which representatives of the financial authorities of the G7 countries and the European Union collaborate to share experiences, analyses and insights on cyber risk. The CEG defines high-level principles for financial authorities and operators in the field of cyber resilience, through the issuance of the G7 Fundamental Elements (see 'Legislation and guidelines'). Exercises and simulations involving institutions and operators are routinely conducted on cyber scenarios to test and strengthen their response to cyber incidents with large-scale impacts. Banca d'Italia also participates in these activities through Codise, the unit for the coordination of crisis management in the Italian financial marketplace.
• G20 and FSB (Financial Stability Board): taking part in the working groups of the Supervisory Regulatory Committee (SRC) in order to strengthen the financial system's cybersecurity and digital resilience at international level.
• CPMI-IOSCO (Committee on Payments and Market Infrastructures and International Organization of Securities Commissions): taking part in groups working on the cyber resilience guidelines for market infrastructures and payment systems.
• BCBS (Basel Committee on Banking Supervision, Bank for International Settlements ‒ BIS): working to enhance cyber resilience, climate-related financial risks and the impact of digitization on the global banking system. Supervisory and policy initiatives are discussed.

Further information:

• G7 Cyber Expert Group - G7 CBCE 2024 coordination exercise

• Codise - account of G7 CBCE 2019 exercise (only in Italian)

• BIS - Basel Committee on Banking Supervision (BCBS) (external link)

• For further information on FSB and CPMI-IOSCO see also 'Legislation and guidelines'

Dialogue with the market

At the national level, Banca d'Italia chairs Codise, the unit in charge of crisis coordination and management in the Italian financial marketplace, of which Consob and the systemically important domestic operators are also members. Codise also intervenes in the event of serious cyber threats (see 'Cybersecurity for financial stability').

Banca d'Italia and the Italian Banking Association (ABI) founded  the Computer Emergency Response Team for the Italian financial sector (CERTFin) as a forum for public-private cooperation to support the Italian financial industry. CERTFin facilitates the exchange of information on threats and vulnerabilities between banking, financial and insurance operators to improve their ICT risk management capability. CERTFin has signed a Memorandum of Understanding with ACN for the cybersecurity of the Italian financial sector and collaborates with the Italian Communications Regulatory Authority (AGCOm) and the Postal and Communications Police, having a specific agreement with the latter.

Banca d'Italia also chairs the Italian Committee on Payments (CPI), whose objective is to support the development of a secure, innovative and competitive payments market and which acts as a point of contact for other national and European committee.

Further information:

• Codise

• CERTFin

• Memorandum of Understandings ACN-CERTFin (only in Italian)

• Italian Payments Committee