FIN-FSA updated the "Regulations and guidelines 8/2014" on management of operational risk by supervised entities. The Regulations and guidelines 8/2014 will enter into force on January 01, 2020. These regulations and guidelines concern the principles and organization of operational risk management, covering the topics of process management, staff, information and payment systems, information security, continuity planning, and legal risk. Among others, the updates have been made in incident reporting concerning network and information security breaches and fraud reporting concerning payment services.
The objective of these regulations and guidelines is to ensure that the following steps are taken:
- The supervised entity organizes its operational risk management to fulfill requirements determined by the scope and character of its operations.
- If necessary, the risk management tasks may be outsourced in compliance with the FIN-FSA regulations and guidelines 1/2012 on outsourcing.
- The supervised entity ensures an appropriate level of information management, information security, and continuity of operations.
- FIN-FSA is informed of significant disruptions and faults in the entity's operations and other impairments as well as losses due to realizations of operational risk.
The amendments to the regulations and guidelines are due to Directive 2016/1148 on security of network and information systems (NIS), Article 96(6) of the reformed Payment Systems Directive (PSD2) (EU) 2015/2366, Article 33(6) of Regulation (EU) 2018/389, Guidelines of EBA on fraud reporting (EBA/GL/2018/05), and on the conditions to benefit from an exemption from the contingency mechanism under PSD2 (EBA/GL/2018/07). Through these amendments, FIN-FSA provides more specific regulations and guidelines for incident reporting under the NIS Directive. The regulations and guidelines also communicate to supervised entities certain EBA guidelines which should be taken into account by the supervised entities in their activities.
Effective Date: January 01, 2020
Keywords: Europe, Finland, Banking, Operational Risk, Outsourcing, EBA, FIN-FSA
HKMA announced that enhancements will be made to the Special 100% Loan Guarantee of the SME Financing Guarantee Scheme (SFGS) and the application period will be extended to December 31, 2021.
BoE has set out a three-phased plan to transform data collection from the UK financial sector over the next decade.
BIS recently made a couple of announcements with respect to the planned and ongoing work in the area of financial technology.
ESRB updated the list of national macro-prudential measures applied by each member state in the European Economic Area.
BoE has set out results of a survey on the impact of COVID-19 events on the use of machine learning and data science.
In response to a request from the European Council and Parliament, ECB published an opinion on the proposed regulation on markets in crypto-assets.
APRA announced the updated aggregate amounts for the 2021 Committed Liquidity Facility (CLF) established between the Reserve Bank of Australia (RBA) and certain locally incorporated authorized deposit-taking institutions that are subject to the Liquidity Coverage Ratio (LCR).
ECB published supervisory Memorandums of Understanding (MoUs) with UK as well as other European and non-European authorities.
EIOPA identified business model sustainability and adequate product design as the two EU-wide strategic supervisory priorities.
After considering comments received on the November 2020 proposal, US Agencies (FDIC, FED and OCC) are proceeding with the proposed revisions to the reporting forms and instructions for Call Reports FFIEC 031, FFIEC 041, and FFIEC 051.