FIN-FSA updated the "Regulations and guidelines 8/2014" on management of operational risk by supervised entities. The Regulations and guidelines 8/2014 will enter into force on January 01, 2020. These regulations and guidelines concern the principles and organization of operational risk management, covering the topics of process management, staff, information and payment systems, information security, continuity planning, and legal risk. Among others, the updates have been made in incident reporting concerning network and information security breaches and fraud reporting concerning payment services.
The objective of these regulations and guidelines is to ensure that the following steps are taken:
- The supervised entity organizes its operational risk management to fulfill requirements determined by the scope and character of its operations.
- If necessary, the risk management tasks may be outsourced in compliance with the FIN-FSA regulations and guidelines 1/2012 on outsourcing.
- The supervised entity ensures an appropriate level of information management, information security, and continuity of operations.
- FIN-FSA is informed of significant disruptions and faults in the entity's operations and other impairments as well as losses due to realizations of operational risk.
The amendments to the regulations and guidelines are due to Directive 2016/1148 on security of network and information systems (NIS), Article 96(6) of the reformed Payment Systems Directive (PSD2) (EU) 2015/2366, Article 33(6) of Regulation (EU) 2018/389, Guidelines of EBA on fraud reporting (EBA/GL/2018/05), and on the conditions to benefit from an exemption from the contingency mechanism under PSD2 (EBA/GL/2018/07). Through these amendments, FIN-FSA provides more specific regulations and guidelines for incident reporting under the NIS Directive. The regulations and guidelines also communicate to supervised entities certain EBA guidelines which should be taken into account by the supervised entities in their activities.
Effective Date: January 01, 2020
Keywords: Europe, Finland, Banking, Operational Risk, Outsourcing, EBA, FIN-FSA
EBA published phase 2 of the technical package on the reporting framework 2.10, providing the technical tools and specifications for implementation of EBA reporting requirements.
FASB issued a proposed Accounting Standards Update that would grant insurance companies, adversely affected by the COVID-19 pandemic, an additional year to implement the Accounting Standards Update No. 2018-12 on targeted improvements to accounting for long-duration insurance contracts, or LDTI (Topic 944).
APRA updated the regulatory approach for loans subject to repayment deferrals amid the COVID-19 crisis.
BCBS and FSB published a report on supervisory issues associated with benchmark transition.
IAIS published a report on supervisory issues associated with benchmark transition from an insurance perspective.
ESMA updated the reporting manual on the European Single Electronic Format (ESEF).
EBA published a statement on resolution planning in light of the COVID-19 pandemic.
ECB published a guideline (2020/97), in the Official Journal of European Union, on the definition of materiality threshold for credit obligations past due for less significant institutions.
FED temporarily revised the capital assessments and stress testing reports (FR Y-14A/Q/M) to implement the changes in response to the COVID-19 pandemic.
BCBS Finalizes Revisions to Credit Valuation Adjustment Risk Framework