Board of Directors approved changes to Cyber Incidents file and reporting instructions.
The amendments aim to improve quality and granularity of the information provided.
That is to be done via development of Cyber Incidents file and reporting instructions, to promote adequate identification of threats to digital operational resilience.
Also to ensure consistency and coherence of practices adopted by supervised entities in complying with this information provision obligation.
The amendments apply to reporting provided for in art 26i) of Rule 4/2023-R and in art 4.1i) of Rule 5/2023-R with reference to the previous month.
The changes apply to reporting of cyber incidents occurring as of Apr. 20, 2025.
The new version of Cyber Incidents file and its reporting instructions can be consulted in dedicated reporting section on POR ASF website, available at link provided.
On Apr. 12, POR ASF consulted on draft norms re reporting data.
POR ASF opened public consultation 5/2023 re draft regulatory norms on the provision of supervisory information from (re-) insurance companies, pension funds companies.
Main Points
Update the PRO ASF reporting re the alteration and availability of models, instructions, maps and forms of report as well as meeting the need for periodic adaptation thereof.
Availability of templates, instructions, maps and reporting forms on the POR ASF website for consolidated and easy access of the elements that must be reported.
Alignment with new information duties re the establishment, operation of pension funds and pension fund managers (RJFP), approved by law 27/2020, of Jul. 23, 2020.
And re the insurance and reinsurance activities (RJDS) by law 7/2019 of Jan. 16, 2019.
Draft norms introduced a new quarterly reporting duty for behavioral statistical data.
Reporting of cyber incidents and cyber risks currently provided for in cir 5/2022 and 6/2022, of May 24, 2022, become regular and extend to (re-) insurance groups, firms.
Draft norms will repeal norm 8/2016-R, of Aug. 16, 2016, and norm 11/2020-R, of Nov. 3, 2020, with the exception of the transitional regime re AML/CFT information.
Available online is a personal data form, list of reporting obligations for (re-) insurers.
Also, a list on the reporting obligations for pension fund management companies.
Effectiveness
Comments on the drafts norms can be submitted by email until May 12, 2023.
May 2023 Consultation Extended
On May 11, 2023, POR ASF extended the consultation deadline up to May 24, 2023.
They adopt different approach in regulation of reporting to POR ASF regarding the alteration and availability of reporting models, instructions, maps and forms.
To maintain legal certainty regarding reporting duties (respective subjective scope of application, term and means of providing the information).
Ensure rapid updating of detailed content of information to be reported, preserving suitability of approval mechanisms, transparency of content of information to report.
Models, instructions, maps, forms to be found in dedicated place on POR ASF website.
Shift for simplification, speed, efficiency, transparency for increased reporting system digitization and modernization; new methodology will bring benefits to supervised too.
In force on day following publication with exception of the report referring to behavioral nature information, due from Apr. 30, 2024 re previous quarter.
Board of Directors approved changes to Cyber Incidents file and reporting instructions.
The amendments aim to improve quality and granularity of the information provided.
That is to be done via development of Cyber Incidents file and reporting instructions, to promote adequate identification of threats to digital operational resilience.
Also to ensure consistency and coherence of practices adopted by supervised entities in complying with this information provision obligation.
The amendments apply to reporting provided for in art 26i) of Rule 4/2023-R and in art 4.1i) of Rule 5/2023-R with reference to the previous month.
The changes apply to reporting of cyber incidents occurring as of Apr. 20, 2025.
The new version of Cyber Incidents file and its reporting instructions can be consulted in dedicated reporting section on POR ASF website, available at link provided.
