FIN-FSA updated the "Regulations and guidelines 8/2014" on management of operational risk by supervised entities. The Regulations and guidelines 8/2014 will enter into force on January 01, 2020. These regulations and guidelines concern the principles and organization of operational risk management, covering the topics of process management, staff, information and payment systems, information security, continuity planning, and legal risk. Among others, the updates have been made in incident reporting concerning network and information security breaches and fraud reporting concerning payment services.
The objective of these regulations and guidelines is to ensure that the following steps are taken:
- The supervised entity organizes its operational risk management to fulfill requirements determined by the scope and character of its operations.
- If necessary, the risk management tasks may be outsourced in compliance with the FIN-FSA regulations and guidelines 1/2012 on outsourcing.
- The supervised entity ensures an appropriate level of information management, information security, and continuity of operations.
- FIN-FSA is informed of significant disruptions and faults in the entity's operations and other impairments as well as losses due to realizations of operational risk.
The amendments to the regulations and guidelines are due to Directive 2016/1148 on security of network and information systems (NIS), Article 96(6) of the reformed Payment Systems Directive (PSD2) (EU) 2015/2366, Article 33(6) of Regulation (EU) 2018/389, Guidelines of EBA on fraud reporting (EBA/GL/2018/05), and on the conditions to benefit from an exemption from the contingency mechanism under PSD2 (EBA/GL/2018/07). Through these amendments, FIN-FSA provides more specific regulations and guidelines for incident reporting under the NIS Directive. The regulations and guidelines also communicate to supervised entities certain EBA guidelines which should be taken into account by the supervised entities in their activities.
Effective Date: January 01, 2020
Keywords: Europe, Finland, Banking, Operational Risk, Outsourcing, EBA, FIN-FSA
Previous ArticleEIOPA Consults on Approach for Regulating Key Aspects of PEPP
ECB published Guideline 2021/975, which amends Guideline ECB/2014/31, on the additional temporary measures relating to Eurosystem refinancing operations and eligibility of collateral.
EIOPA published a report, from the Consultative Expert Group on Digital Ethics, that sets out artificial intelligence governance principles for an ethical and trustworthy artificial intelligence in the insurance sector in EU.
HKMA published the seventh and final issue of the Regtech Watch series, which outlines the three-year roadmap of HKMA to integrate supervisory technology, or suptech, into its processes.
EC launched a targeted consultation to improve transparency and efficiency in the secondary markets for nonperforming loans (NPLs).
BIS, Danmarks Nationalbank, Central Bank of Iceland, Norges Bank, and Sveriges Riksbank launched an Innovation Hub in Stockholm, making this the fifth BIS Innovation Hub Center to be opened in the past two years.
FDITECH, the technology lab of FDIC, announced a tech sprint that is designed to explore new technologies and techniques that would help expand the capabilities of community banks to meet the needs of unbanked individuals and households.
EC released the EU Taxonomy Compass, which visually represents the contents of the EU Taxonomy starting with the EU Taxonomy Climate Delegated Act.
FDIC is seeking comments on a rule to amend the interagency guidelines for real estate lending policies—also known as the Real Estate Lending Standards.
EIOPA published its annual report, which sets out the work done in 2020 and indicates the planned work areas for the coming months.
The ESRB paper that presents an analytical framework that assesses and quantifies the potential impact of a bank failure on the real economy through the lending function.