The Financial Stability Board (FSB) published today for consultation a Format for Incident Reporting Exchange (FIRE), a common format for financial firms’ reporting of operational incidents, including cyber incidents.
FIRE aims to promote convergence in reporting practices, to address operational challenges arising from reporting to multiple authorities, and to foster better communication within and across jurisdictions. FIRE builds on the FSB Recommendations to Achieve Greater Convergence in Cyber Incident Reporting, published in 2023.
Incident reporting is a key mechanism for financial authorities to monitor disruptions within regulated entities. Currently, differences in reporting approaches across jurisdictions result in fragmented requirements and coordination challenges, which could exacerbate financial stability risks arising from operational incidents, including cyber incidents. Greater convergence between reporting frameworks will support financial institutions’ efficient incident response and recovery, as well as more effective supervision and cooperation among authorities.
Developed in consultation with the private sector, FIRE provides a set of common information items for reporting incidents. Its design maximises flexibility and interoperability. Authorities can choose the extent to which they adopt FIRE, leveraging its features and definitions to promote convergence and facilitate translation between existing frameworks. Similarly, financial institutions can use FIRE both in their reporting to financial authorities and in their relationships with service providers. The consultation package consists of (i) a ‘human-readable’ format, (ii) a structured data model of FIRE using the reporting-language-agnostic Data Point Model method, and (iii) a taxonomy in eXtensible Business Reporting Language (XBRL) as a sample machine-readable version of FIRE.
The FSB is inviting comments on the consultation package and the questions set out. Responses should be submitted via this secure online form by 19 December 2024.
Responses will be published on the FSB’s website unless respondents expressly request otherwise on the online form.
Background
The FSB published a report on Cyber Incident Reporting: Existing Approaches and Next Steps for Broader Convergence in October 2021. The report set out three ways to achieve greater convergence in cyber incident reporting: developing best practices for incident reporting; identifying common types of information to be shared; and creating common terminologies for cyber incident reporting. The FSB followed up, in April 2023, with a comprehensive approach to achieving greater convergence in cyber incident reporting, which included an updated cyber lexicon and a concept for developing a common format for incident reporting exchange (FIRE).
The FSB coordinates at the international level the work of national financial authorities and international standard-setting bodies and develops and promotes the implementation of effective regulatory, supervisory, and other financial sector policies in the interest of financial stability. It brings together national authorities responsible for financial stability in 24 countries and jurisdictions, international financial institutions, sector-specific international groupings of regulators and supervisors, and committees of central bank experts. The FSB also conducts outreach with approximately 70 other jurisdictions through its six Regional Consultative Groups.
The FSB is chaired by Klaas Knot, President of De Nederlandsche Bank. The FSB Secretariat is located in Basel, Switzerland and hosted by the Bank for International Settlements.