This is the consolidated view of findings. Click 'see details →' on any item for the full details for each finding.
An Operations team that accepts the AI's description of the 2016 guidance as already detailed and comprehensive may not consult the FSB's 2020 Effective Practices document, and may build incident response plans, supplier assurance frameworks, and operational resilience policies that reflect the earlier document's high-level principles rather than the fuller set of expectations that supervisors now apply. When a regulatory review or examination tests the firm's cyber incident response arrangements against the current international standard — which encompasses both the 2016 and 2020 publications — the gap will appear as a substantive compliance deficiency. The firm faces the cost of remediation, potential enforcement action from relevant supervisory authorities, and the reputational exposure of having submitted documentation to regulators or counterparties that misstated the basis for its resilience framework.
see details →