This is the consolidated view of findings. Click 'see details →' on any item for the full details for each finding.
An Operations team that accepts the AI's characterisation of the 2016 CPMI-IOSCO guidance as operationally detailed may design or certify the firm's cyber incident response and recovery framework without reference to the FSB's 2020 effective practices publication. Internal documents built on this basis — including the firm's incident response plan, recovery time objective documentation, and regulatory self-assessment submissions — will reflect an incomplete view of current international expectations. If a supervisory review or a live cyber incident exposes the gap, the firm faces remediation costs across multiple operational documents simultaneously, potential supervisory findings about the adequacy of its resilience framework, and reputational exposure with counterparties and correspondent banks who assess operational resilience as part of their own due diligence.
see details →