FIN-FSA Updates Rules and Guidelines on Management of Operational Risk

By Regulatory News

November 11, 2019

FIN-FSA updated the "Regulations and guidelines 8/2014" on management of operational risk by supervised entities. The Regulations and guidelines 8/2014 will enter into force on January 01, 2020. These regulations and guidelines concern the principles and organization of operational risk management, covering the topics of process management, staff, information and payment systems, information security, continuity planning, and legal risk. Among others, the updates have been made in incident reporting concerning network and information security breaches and fraud reporting concerning payment services.

The objective of these regulations and guidelines is to ensure that the following steps are taken:

The supervised entity organizes its operational risk management to fulfill requirements determined by the scope and character of its operations.
If necessary, the risk management tasks may be outsourced in compliance with the FIN-FSA regulations and guidelines 1/2012 on outsourcing.
The supervised entity ensures an appropriate level of information management, information security, and continuity of operations.
FIN-FSA is informed of significant disruptions and faults in the entity's operations and other impairments as well as losses due to realizations of operational risk.

The amendments to the regulations and guidelines are due to Directive 2016/1148 on security of network and information systems (NIS), Article 96(6) of the reformed Payment Systems Directive (PSD2) (EU) 2015/2366, Article 33(6) of Regulation (EU) 2018/389, Guidelines of EBA on fraud reporting (EBA/GL/2018/05), and on the conditions to benefit from an exemption from the contingency mechanism under PSD2 (EBA/GL/2018/07). Through these amendments, FIN-FSA provides more specific regulations and guidelines for incident reporting under the NIS Directive. The regulations and guidelines also communicate to supervised entities certain EBA guidelines which should be taken into account by the supervised entities in their activities.

Related Links

Effective Date: January 01, 2020

Keywords: Europe, Finland, Banking, Operational Risk, Outsourcing, EBA, FIN-FSA

Central Bank of Ireland on Third-Party Arrangement in Insurance Sector

GLEIF Publishes Update on Global Regulatory Use of LEI

News

EC Adopts Financial Reporting Changes Arising from Benchmark Reforms

EC published Regulation 2021/25 that addresses amendments related to the financial reporting consequences of replacement of the existing interest rate benchmarks with alternative reference rates.