
    EBA Consults on Guidelines on ICT and Security Risk Management

    December 13, 2018

    EBA launched a consultation on the draft guidelines on ICT and security risk management. These guidelines establish requirements for credit institutions, investment firms, and payment service providers (PSPs) on the mitigation and management of their information and communication technology (ICT) risks and aim to ensure a consistent and robust approach across the Single Market. The consultation runs until March 13, 2019.

    The guidelines outline expectations in relation to governance, risk assessment process, information security requirements, ICT operational management, security in the change and development processes, and business continuity management to mitigate ICT and security risks. Due to an increasing reliance on ICT for their operational functioning, financial institutions are vulnerable to increased threats from internal and external attacks, including cyber-attacks, or breaches that may arise from inadequate business continuity planning for ICT systems and processes, or poor processes related to ICT change management. These guidelines aim to mitigate all ICT risks, whether internal or external, including security-related risks, for all financial institutions.

    The guidelines are addressed to credit institutions and investment firms as defined in the Capital Requirements Directive (CRD), for all of their activities, and to PSPs subject to the revised Payment Services Directive (PSD2), for their payment services. These guidelines respond to the request in the EC's FinTech Action Plan for the EBA to develop guidelines on ICT risk management and mitigation requirements in the EU financial sector. The guidelines on security measures for operational and security risks (EBA GL/2017/17) have been fully integrated in the EBA guidelines on ICT and security risk management and will be repealed when these proposed guidelines enter into force.

     


    Comment Due Date: March 13, 2019

    Keywords: Europe, EU, Banking, PMI, Guidelines, Cyber Risk, ICT Risk, Regtech, CRD, PSD2, EBA
