FIN-FSA updated the "Regulations and guidelines 8/2014" on management of operational risk by supervised entities. The Regulations and guidelines 8/2014 will enter into force on January 01, 2020. These regulations and guidelines concern the principles and organization of operational risk management, covering the topics of process management, staff, information and payment systems, information security, continuity planning, and legal risk. Among others, the updates have been made in incident reporting concerning network and information security breaches and fraud reporting concerning payment services.
The objective of these regulations and guidelines is to ensure that the following steps are taken:
- The supervised entity organizes its operational risk management to fulfill requirements determined by the scope and character of its operations.
- If necessary, the risk management tasks may be outsourced in compliance with the FIN-FSA regulations and guidelines 1/2012 on outsourcing.
- The supervised entity ensures an appropriate level of information management, information security, and continuity of operations.
- FIN-FSA is informed of significant disruptions and faults in the entity's operations and other impairments as well as losses due to realizations of operational risk.
The amendments to the regulations and guidelines are due to Directive 2016/1148 on security of network and information systems (NIS), Article 96(6) of the reformed Payment Systems Directive (PSD2) (EU) 2015/2366, Article 33(6) of Regulation (EU) 2018/389, Guidelines of EBA on fraud reporting (EBA/GL/2018/05), and on the conditions to benefit from an exemption from the contingency mechanism under PSD2 (EBA/GL/2018/07). Through these amendments, FIN-FSA provides more specific regulations and guidelines for incident reporting under the NIS Directive. The regulations and guidelines also communicate to supervised entities certain EBA guidelines which should be taken into account by the supervised entities in their activities.
Effective Date: January 01, 2020
Keywords: Europe, Finland, Banking, Operational Risk, Outsourcing, EBA, FIN-FSA
EC published Regulation 2021/25 that addresses amendments related to the financial reporting consequences of replacement of the existing interest rate benchmarks with alternative reference rates.
BIS published a bulletin, or a note, that examines the cyber threat landscape in the context of the pandemic and discusses policies to reduce risks to financial stability.
HM Treasury, also known as HMT, has updated the table containing the list of the equivalence decisions that came into effect in UK at the end of the transition period of its withdrawal from EU.
EBA published an erratum for technical package on phase 1 of the reporting framework 3.0.
APRA updated a frequently asked question (FAQ), for authorized deposit-taking institutions, on the measurement of credit risk weighted assets.
EBA published the quarterly risk dashboard, along with the results of the Risk Assessment Questionnaire survey among 60 banks and 15 market analysts.
ECB concluded the public consultation on the introduction of a digital euro in EU.
ECB published a guide that sets out the supervisory approach to consolidation in the banking sector.
The SRB Chair Elke König published an article setting out work priorities for 2021.
FDIC has selected 11 technology companies—including BearingPoint, Fed Reporter, Inc, and S&P Global Market Intelligence, LLC—for inclusion in the third and final phase of the rapid prototyping competition.