Financial Stability Board peer review recommends Spain map cyber threats, assess third-party concentration and create a single incident reporting channel

The Financial Stability Board (FSB) published its second peer review of Spain’s efforts to enhance cyber resilience in the financial sector and mitigate financial stability risks from operational incidents and cyber-attacks. The review finds Spanish authorities have put significant focus on cyber resilience and have implemented good practices, including preparations to meet enhanced expectations under the European Union Digital Operational Resilience Act (DORA), but it calls for further improvements as digitalisation and cyber risks evolve. Key recommendations include developing a comprehensive mapping of the cyber threat landscape to improve intelligence for authorities and industry decision-making, and leveraging best practices to raise consistency and maturity across agencies through cross-sectoral working groups and information-sharing mechanisms under the oversight of the Spanish Macroprudential Authority. The FSB also recommends a national analysis of existing registers of information to identify critical third-party providers, assess concentration risks, and define a strategy for domestically critical third parties, alongside establishing a single national incident reporting channel that automatically shares data with relevant authorities and supports crisis preparedness via intergovernmental working groups, playbooks and drills. The FSB noted that this work forms part of its peer review programme to assess implementation of international financial standards, and said a peer review of the Netherlands is forthcoming.