FIN-FSA Updates Rules and Guidelines on Management of Operational Risk

The objective of these regulations and guidelines is to ensure that the following steps are taken:

• The supervised entity organizes its operational risk management to fulfill requirements determined by the scope and character of its operations.
• If necessary, the risk management tasks may be outsourced in compliance with the FIN-FSA regulations and guidelines 1/2012 on outsourcing. 
• The supervised entity ensures an appropriate level of information management, information security, and continuity of operations. 
• FIN-FSA is informed of significant disruptions and faults in the entity's operations and other impairments as well as losses due to realizations of operational risk.

The amendments to the regulations and guidelines are due to Directive 2016/1148 on security of network and information systems (NIS), Article 96(6) of the reformed Payment Systems Directive (PSD2) (EU) 2015/2366, Article 33(6) of Regulation (EU) 2018/389, Guidelines of EBA on fraud reporting (EBA/GL/2018/05), and on the conditions to benefit from an exemption from the contingency mechanism under PSD2 (EBA/GL/2018/07). Through these amendments, FIN-FSA provides more specific regulations and guidelines for incident reporting under the NIS Directive. The regulations and guidelines also communicate to supervised entities certain EBA guidelines which should be taken into account by the supervised entities in their activities.

Related Links

• Press Release
• Regulations and Guidelines 8/2014 (PDF)
  
• Summary of Comments (PDF in Finnish) 
  

Effective Date: January 01, 2020

Keywords: Europe, Finland, Banking, Operational Risk, Outsourcing, EBA, FIN-FSA