Le rapport Tracfin évalue les menaces de 𝗯𝗹𝗮𝗻𝗰𝗵𝗶𝗺𝗲𝗻𝘁 𝗱𝗲 𝗰𝗮𝗽𝗶𝘁𝗮𝘂𝘅 𝗲𝘁 𝗱𝗲 𝗳𝗶𝗻𝗮𝗻𝗰𝗲𝗺𝗲𝗻𝘁 𝗱𝘂 𝘁𝗲𝗿𝗿𝗼𝗿𝗶𝘀𝗺𝗲 (𝗕𝗖-𝗙𝗧), positionnant les 𝗯𝗮𝗻𝗾𝘂𝗲𝘀 et les 𝗮𝘀𝘀𝘂𝗿𝗲𝘂𝗿𝘀 comme des piliers essentiels du dispositif de lutte.
Les compagnies d'assurances sont cruciales pour détecter la 𝗳𝗿𝗮𝘂𝗱𝗲 𝗳𝗶𝘀𝗰𝗮𝗹𝗲 (ex: immatriculation de véhicules à l'étranger) et les escroqueries aux prestations de santé. Les assureurs-vie doivent aussi exercer une vigilance accrue envers les 𝗣𝗲𝗿𝘀𝗼𝗻𝗻𝗲𝘀 𝗣𝗼𝗹𝗶𝘁𝗶𝗾𝘂𝗲𝗺𝗲𝗻𝘁 𝗘𝘅𝗽𝗼𝘀é𝗲𝘀 (𝗣𝗣𝗘).
Les établissements bancaires et de paiement sont les plus impliqués dans les cas de BC-FT. Le risque est jugé élevé pour les banques privées (corruption, fraude fiscale IFI) et les banques de financement (blanchiment via le commerce international). Les établissements de paiement, en raison de la facilité d'ouverture de comptes, sont souvent exploités comme "comptes de passage" par des sociétés éphémères. La vigilance de ces institutions est vitale face à une criminalité financière en constante évolution.
This publication presents recommendations for integrating cybersecurity incident response into risk management, using the 𝗡𝗜𝗦𝗧 𝗖𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗙𝗿𝗮𝗺𝗲𝘄𝗼𝗿𝗸 (𝗖𝗦𝗙) 𝟮.𝟬 as a reference model. It defines a life-cycle based on the six CSF functions (𝗚𝗼𝘃𝗲𝗿𝗻, 𝗜𝗱𝗲𝗻𝘁𝗶𝗳𝘆, 𝗣𝗿𝗼𝘁𝗲𝗰𝘁, 𝗗𝗲𝘁𝗲𝗰𝘁, 𝗥𝗲𝘀𝗽𝗼𝗻𝗱, 𝗥𝗲𝗰𝗼𝘃𝗲𝗿), outlines roles and responsibilities, and provides a “Community Profile” mapping priorities, recommendations, and considerations for incident response. The document also emphasizes continuous improvement, customizing guidance to organizational context, and leveraging other NIST and external resources.
The study examines behavioral and informational factors influencing German SMEs' cyber insurance decisions, based on a survey of 1,248 executives. Findings indicate that perceived financial impact and anxiety about cyberattacks significantly increase purchase likelihood, while perceived probability of attack and prior experience do not. External cybersecurity expertise positively affects demand, whereas reliance on independent Internet research reduces it, attributed to information overload. Internal risk assessments show no significant effect. Firm size is a strong determinant, with micro and small enterprises less likely to purchase than large firms. The research highlights emotional and informational influences over rational risk estimates.
The white paper examines how the EU’s **NIS2 Directive** and **DORA Regulation** impose resilience, security, and compliance obligations on critical and financial-sector entities. It describes how NIS2 applies broadly to “essential” and “important” operators, while DORA targets financial firms, and compares their requirements for risk management, incident reporting, audits, third-party oversight, governance, testing, and information sharing. The document outlines potential penalties for noncompliance, the need for gap assessments and harmonization across jurisdictions, and emphasizes that entities both inside and outside the EU may be affected by these rules.
The provided text is an **academic article** that offers a comprehensive **analytical review of cyber risk management** within the insurance industry, focusing heavily on the **mathematical models** used for risk quantification and premium pricing. The review systematically covers the current state-of-the-art in cyber risk, discussing how dynamic and interconnected threats challenge traditional actuarial methods, necessitating the use of advanced quantitative tools like **stochastic models and copulas** to manage dependencies and calculate **Solvency Capital Requirements (SCR)**. It thoroughly details various **vulnerability functions** (including the well-known Gordon-Loeb model and its extensions) and different **premium calculation principles** (such as Expected Value and Mean-Variance), concluding that closer collaboration between different disciplines is essential for developing **robust cyber insurance and reinsurance solutions** in an increasingly digital landscape.
Afin d’accompagner le secteur financier dans sa préparation, l’ACPR a organisé une réunion de Place le 17 septembre 2025 à l’occasion de laquelle elle a présenté un état des lieux de la nouvelle règlementation et donné des précisions quant à son rôle et son organisation en matière de surveillance des systèmes d’IA.
The geospatial Agent-Based Model (ABM) framework outlined in this article enables financial institutions, including insurers, to quantify direct and cascading climate risks, capturing spatial and temporal dynamics and supply chain disruptions overlooked by traditional models. It supports climate scenario analysis for enhanced risk assessment and portfolio management, revealing systemic risks affecting even indirectly exposed agents. The framework evaluates cost-effective adaptation strategies, showing how firms’ adaptive behaviors, like pre-emptive capital increases, reduce climate impacts. By integrating geospatial climate data with economic models, it bridges gaps between climate projections and financial decision-making, aiding risk management and capital allocation.
This research addresses the critical challenge of model ambiguity in insurance, where the true probabilities of losses are uncertain. It introduces randomly distorted Choquet integrals, a novel mathematical tool for creating flexible and dynamic risk measures. This provides a formal, unified methodology to resolve expert disagreements by extending industry-standard metrics like Value at Risk (VaR) and Average Value at Risk (AVaR). The framework allows a decision-maker to synthesize divergent opinions—whether on key parameters like a VaR confidence level or on the fundamental risk model itself (e.g., VaR vs. AVaR)—into a single, coherent, and scenario-dependent assessment.
The report discusses the growing threat of cyber risk to the EU's financial stability. Key points include:
• Cyber risk is a significant and systemic threat to the EU's financial sector, with increasing frequency and sophistication of attacks.
• Factors amplifying risk include geopolitical tensions, third-party IT dependencies, and the dual-edged impact of AI.
• The financial sector, including banks and insurers, faces tangible impacts from cyber threats.
• DORA is seen as a critical step requiring ongoing commitment to vigilance and resource allocation for digital infrastructure defense.
En France, l’Open Banking s’impose sous un impératif clair : protéger les données des utilisateurs. Le dernier rapport de l’ACPR rappelle que la confiance repose sur un cadre robuste, incarné par la directive européenne DSP2. Celle-ci impose une authentification renforcée et privilégie l’usage d’API standardisées, jugées plus sûres que le webscrapping. Les grands groupes bancaires ont déployé une gouvernance stricte, incluant tests, contrôles et mécanismes de secours. De son côté, le régulateur veille au respect de ces obligations grâce à une supervision en temps réel. L’enjeu : concilier sécurité maximale et fluidité d’usage.