December 13, 2018

EBA launched a consultation on the draft guidelines on ICT and security risk management. These guidelines establish requirements for credit institutions, investment firms, and payment service providers (PSPs) on the mitigation and management of their information and communication technology (ICT) risks and aim to ensure a consistent and robust approach across the Single Market. The consultation runs until March 13, 2019.

The guidelines outline expectations in relation to governance, risk assessment process, information security requirements, ICT operational management, security in the change and development processes, and business continuity management to mitigate ICT and security risks. Due to an increasing reliance on ICT for their operational functioning, financial institutions are vulnerable to increased threats from internal and external attacks, including cyber-attacks, or breaches that may arise from inadequate business continuity planning for ICT systems and processes, or poor processes related to ICT change management. These guidelines aim to mitigate all ICT risks, whether internal or external and including security-related risks, for all financial institutions.

The guidelines are addressed to credit institutions and investment firms as defined in the Capital Requirements Directive (CRD), for all of their activities, and to PSPs subject to the revised Payment Services Directive (PSD2), for their payment services. These guidelines respond to the request in the EC's FinTech Action Plan for the EBA to develop guidelines on ICT risk management and mitigation requirements in the EU financial sector. The guidelines on security measures for operational and security risks (EBA GL/2017/17) have been fully integrated into the EBA guidelines on ICT and security risk management and will be repealed when these proposed guidelines enter into force.

 


Comment Due Date: March 13, 2019

Keywords: Europe, EU, Banking, PMI, Guidelines, Cyber Risk, ICT Risk, Regtech, CRD, PSD2, EBA
