December 13, 2018

EBA launched a consultation on the draft guidelines on ICT and security risk management. These guidelines establish requirements for credit institutions, investment firms, and payment service providers (PSPs) on the mitigation and management of their information and communication technology (ICT) risks and aim to ensure a consistent and robust approach across the Single Market. The consultation runs until March 13, 2019.

The guidelines outline expectations in relation to governance, the risk assessment process, information security requirements, ICT operational management, security in the change and development processes, and business continuity management to mitigate ICT and security risks. Due to an increasing reliance on ICT for their operational functioning, financial institutions are vulnerable to increased threats from internal and external attacks, including cyber-attacks, or breaches that may arise from inadequate business continuity planning for ICT systems and processes, or poor processes related to ICT change management. These guidelines aim to mitigate all ICT risks, whether internal or external, including security-related risks, for all financial institutions.

The guidelines are addressed to credit institutions and investment firms as defined in the Capital Requirements Directive (CRD), for all of their activities, and to PSPs subject to the revised Payment Services Directive (PSD2), for their payment services. These guidelines respond to the request in the EC's FinTech Action Plan for the EBA to develop guidelines on ICT risk management and mitigation requirements in the EU financial sector. The guidelines on security measures for operational and security risks (EBA GL/2017/17) have been fully integrated into the EBA guidelines on ICT and security risk management and will be repealed when these proposed guidelines enter into force.

 


Comment Due Date: March 13, 2019

Keywords: Europe, EU, Banking, PMI, Guidelines, Cyber Risk, ICT Risk, Regtech, CRD, PSD2, EBA
