Comments on the FSB-consultation: Common Format for Incident Reporting Exchange (FIRE)

The Financial Stability Board (FSB) published for consultation a Format for Incident Reporting Exchange (FIRE), a common format for financial firms’ reporting of operational incidents, including cyber incidents. FIRE aims to promote convergence in reporting practices, to address operational challenges arising from reporting to multiple authorities, and to foster better communication within and across jurisdictions. FIRE builds on the FSB Recommendations to Achieve Greater Convergence in Cyber Incident Reporting, published in 2023.

GBIC recommends aligning the FIRE template as much as possible with the requirements of the EU's Digital Operational Resilience Act (DORA) by removing unintended data fields to ensure consistency and streamline reporting. The GBIC also urges the deletion of further fields to avoid speculative answers and improve the clarity of reporting. Finally, there is a risk that the numerous optional fields in FIRE will complicate reporting and perpetuate existing problems.

GBIC also emphasizes the importance of authorities strengthening controls to protect the extensive amount of sensitive reporting data from unauthorized disclosure, as exposure could significantly increase the risk profile of reporting entities. GBIC calls on the FSB to make safe and secure incident reporting a priority when adopting the FIRE framework.

With DORA taking effect in January 2025, the FSB should take a phased approach to aligning FIRE, starting with non-EU countries and later expanding within the EU.