18. The BAHTNET BCP is developed in line with the relevant regulations and deals with
adequate potential scenarios.⁷ These are found to be adequate in tackling operational risk and
ensuring the continuity of operations of BAHTNET. Even though annual market-wide testing is
organized, it is suggested to adopt a holistic approach taking into account a disaster scenario when
the operations of more than one FMI are disrupted. Custody risk is adequately managed since
BAHTNET doesn’t invest the collateral and holds it at TSD, an FMI regulated and supervised by SEC.
19. The BoT applies the CPMI-IOSCO Guidance on cyber resilience for financial market
infrastructures (June 2016) to BAHTNET to enhance its cyber resilience. The five primary risk
management categories and three overarching components⁸ have been incorporated in BAHTNET’s
cyber resilience framework, including a Cyber Security Incident Response Plan (CSIRP) and
strong collaboration with other relevant agencies (such as ThaiCERT) and EMEAP central banks. The
BoT conducts CSIRP testing periodically and has a team dedicated to cyber threat intelligence;
vulnerability assessments and penetration tests are run by external entities on an annual basis.
Access (Principle 18–19)
20. The BAHTNET has fair and open access criteria for participation, which
comprehensively considers each participant’s risk management capability, the stable and
efficient operation of BAHTNET, and the possibility of systemic risk. Access criteria are detailed
in BAHTNET Regulations and the BoT Notifications and cover legal, financial, and operational
requirements; they are justified and commensurate with BAHTNET’s specific risks. There are only
direct participants⁹ in BAHTNET, bound by the rules of the system.
Efficiency (Principle 21, 22)