EIOPA Consults on Guidelines on ICT Security and Governance
EIOPA issued a consultation on guidelines on the Information and Communication Technology (ICT) security and governance by insurers. The guidelines covers the areas of governance and risk management, ICT operations security, and ICT operations management. These guidelines shall provide guidance to national supervisory authorities and market participants on how regulation regarding operational risks set forth in the Solvency II Directive (2009/138/EC), the Delegated Regulation 2015/35, and EIOPA Guidelines on System of Governance is applied in the case of ICT security and governance. The consultation period on these guidelines ends on March 13, 2020.
Recognizing the need for being prepared for cyber risk and a sound cyber-security framework by undertakings, these guidelines also cover cyber-security as a part of the information security measures of an undertaking. The objective of these guidelines is to provide clarification and transparency to market participants on the minimum expected information and cyber-security capabilities. The guidelines are intended to help avoid potential regulatory arbitrage and to foster supervisory convergence regarding the expectations and processes applicable in relation to ICT security and governance as a key to proper ICT and security risk management. The guidelines should be read in conjunction with and without prejudice to the Solvency II Directive, the Delegated Regulation, EIOPA Guidelines on system of governance and EIOPA Guidelines on outsourcing to cloud service providers. As a next step, EIOPA will consider the feedback received to this consultation, publish a final report on the consultation, and submit the guidelines for adoption by its Board of Supervisors.
Related Links
Comment Due Date: March 13, 2020
Keywords: Europe, EU, Insurance, Cyber Risk, Operational Risk, Fintech, Solvency II, Cloud Service Providers, EIOPA
Featured Experts

Paul McCarney
Insurance product strategist; insurance domain expert; extensive experience developing risk assessment frameworks for insurers

Brian Robinson
Actuary; risk management specialist; corporate and capital modelling expert
Next Article
FDIC Publishes Annual Report for 2019Related Articles
ISSB Sustainability Standards Expected to Become Global Baseline
The finalization of the two sustainability disclosure standards—IFRS S1 and IFRS S2—is expected to be a significant step forward in the harmonization of sustainability disclosures worldwide.
IOSCO, BIS, and FSB to Intensify Focus on Decentralized Finance
Decentralized finance (DeFi) is expected to increase in prominence, finding traction in use cases such as lending, trading, and investing, without the intermediation of traditional financial institutions.
BCBS Assesses NSFR and Large Exposures Rules in US
The Basel Committee on Banking Supervision (BCBS) published reports that assessed the overall implementation of the net stable funding ratio (NSFR) and the large exposures rules in the U.S.
Global Agencies Focus on ESG Data, Climate Litigation and Nature Risks
At the global level, supervisory efforts are increasingly focused on addressing climate risks via better quality data and innovative use of technologies such as generative artificial intelligence (AI) and blockchain.
ISSB Standards Shine Spotlight on Comparability of ESG Disclosures
The finalization of the IFRS sustainability disclosure standards in late June 2023 has brought to the forefront the themes of the harmonization of sustainability disclosures
EBA Issues Several Regulatory and Reporting Updates for Banks
The European Banking Authority (EBA) recently issued several regulatory publications impacting the banking sector.
BCBS Proposes to Revise Core Principles for Banking Supervision
The Basel Committee on Banking Supervision (BCBS) launched a consultation on revisions to the core principles for effective banking supervision, with the comment period ending on October 06, 2023.
US Proposes Final Basel Rules, Transition Period to Start in July 2025
The U.S. banking agencies (FDIC, FED, and OCC) recently proposed rules implementing the final Basel III reforms, also known as the Basel III Endgame.
FSB Report Outlines Next Steps for Climate Risk Roadmap
The Financial Stability Board (FSB) recently published the second annual progress report on the July 2021 roadmap to address climate-related financial risks.
EBA Plans on Ad-hoc ESG Data Collection and Climate Scenario Exercise
The recognition of climate change as a systemic risk to the global economy has further intensified regulatory and supervisory focus on monitoring of the environmental, social, and governance (ESG) risks.