Solutions
Industries
Moody's Analytics Brands
A-Z Product List
Access Online Products
Moody's Analytics Product Training
Learn about the Moody's Analytics CECL solution
Featured Solution
Current Expected Credit Loss
Moody's Analytics Featured Product
Featured Product
The CreditLens™ Platform
Moody's Analytics Partner Alliance
Moody's Analytics PartnerAlliance
Delivering Solutions Worldwide
Insights
Regulatory News
Webinars-on-Demand
Moody's Analytics Risk Perspectives
Meet Our Experts
Connect With Us
Moody's Analytics Risk Perspectives Magazine
NEWEST EDITION
Risk Perspectives: Managing Disruption
Moody's Analytics Risk Practitioner Community
FEATURED USER GROUP
Risk Practitioner Community
Meet Moody's Analytics Subject Matter Experts
SUBJECT MATTER EXPERTS
Meet Our Leading Experts
Events Calendar
Training
Inquire About Upcoming Events
Meet Our Experts
Connect with us in social media
SOCIAL MEDIA
Connect With Us
Search career opportunities at Moody's Analytics
CAREERS
Search Job Opportunities
Moody's Analytics Conferences
CALENDAR
Events and Webinars
About Us
Regions
Office Locations
Partner With Us
Connect With Us
Join Us
Learn about Moody's Analytics awards
AWARDS
Industry Recognition
Press Releases and News
NEWS
News and Press Releases
Search career opportunities at Moody's Analytics
CAREERS
Search Job Opportunities

EBA Consults on Guidelines on ICT and Security Risk Management

By Regulatory News

December 13, 2018

EBA launched a consultation on the draft guidelines on ICT and security risk management. These guidelines establish requirements for credit institutions, investment firms, and payment service providers (PSPs) on the mitigation and management of their information and communication technology (ICT) risks and aim to ensure a consistent and robust approach across the Single Market. The consultation runs until March 13, 2019.

The guidelines outline expectations in relation to governance, risk assessment process, information security requirements, ICT operational management, security in the change and development processes, and business continuity management to mitigate ICT and security risks. Due to an increasing reliance on ICT for their operational functioning, financial institutions are vulnerable to increased threats from internal and external attacks, including cyber-attacks, or breaches that may arise from inadequate business continuity planning for ICT systems and processes, or poor processes related to ICT change management. These guidelines aim to mitigate all ICT risks—whether internal or external—, including security-related risks, for all financial institutions. 

The Guidelines are addressed to credit institutions and investment firms as defined in the Capital Requirements Directive (CRD), for all of their activities, and to PSPs subject to the revised Payment Services Directive (PSD2), for their payment services. These guidelines respond to EC's FinTech Action plan request for the EBA to develop guidelines on ICT risk management and mitigation requirements in the financial sector in EU. The guidelines on security measures for operational and security risks (EBA GL/2017/17) have been fully integrated in the EBA guidelines on ICT and security risk management and will be repealed when these proposed guidelines enter into force.

 

Related Links

Comment Due Date: March 13, 2019

Keywords: Europe, EU, Banking, PMI, Guidelines, Cyber Risk, ICT Risk, Regtech, CRD, PSD2, EBA

Related Articles
News

BIS Report Discusses Regulatory Issues Related to Big Techs in Finance

BIS has pre-released a chapter of the BIS Annual Economic Report; this chapter focuses on the risks and opportunities presented by large technology firms (big techs) in the financial services sector.

June 23, 2019 WebPage Regulatory News
News

IOSCO Report Examines Liquidity in Corporate Bond Markets

IOSCO published a report that examines the factors affecting liquidity, under stressed conditions, in the secondary corporate bond markets.

June 21, 2019 WebPage Regulatory News
News

EBA Single Rulebook Q&A: Third Update for June 2019

Under the Single Rulebook question and answer (Q&A) updates for this week, EBA published one answer regarding the calculation of institution-specific countercyclical capital buffer rates.

June 21, 2019 WebPage Regulatory News
News

HKMA Publishes Banking Exposure Limits Code Under Banking Ordinance

HKMA issued a circular to all authorized institutions informing that the Banking (Exposure Limits) Code has been published in the Gazette on June 21, 2019.

June 21, 2019 WebPage Regulatory News
News

BCBS Report Examines Global Pillar 2 Supervisory Review Practices

BCBS published a report that examines the Pillar 2 supervisory review practices and approaches in Basel member jurisdictions.

June 21, 2019 WebPage Regulatory News
News

FED Publishes Results of the 2019 Stress Tests for Banks

FED published a report presenting results of the Dodd-Frank Act Stress Test (DFAST) exercise for 2019.

June 21, 2019 WebPage Regulatory News
News

IASB Publishes Work Plan and Meeting Updates for June 2019

IASB published an updated work plan and a summary of its June meeting, which presents preliminary decisions of the Board.

June 21, 2019 WebPage Regulatory News
News

OSFI Proposes Guideline on Internal Model Oversight for Insurers

OSFI proposed the draft guideline E-25 on the internal model oversight framework for federally regulated property and casualty (P&C) insurance companies.

June 21, 2019 WebPage Regulatory News
News

BCBS Publishes Summary of the Meeting in June 2019

BCBS published a summary of its June meeting in Basel.

June 20, 2019 WebPage Regulatory News
News

OCC Bulletin on Risk Management Guidance for Home Mortgage Lending

OCC published Bulletin 2019-28 on risk management guidance for higher-loan-to-value (LTV) lending activities in communities targeted for revitalization.

June 19, 2019 WebPage Regulatory News
RESULTS 1 - 10 OF 3298