Article

EBA Guidelines on ICT and Security risk management – EBA/GL/2019/04

Establishing harmonized requirements for ICT and security risk management across the Single Market

On 28 November 2019, the European Banking Authority (EBA) published the Final Report on the Guidelines on ICT and security risk management (EBA/GL/2019/04) to establish requirements for credit institutions, investment firms and payment service providers (PSPs) on the mitigation and management of ICT and security risks.

The purpose of the Guidelines is to establish requirements for the management of ICT and security risks, both of which have escalated in recent years due to the increasing digitalization of the financial sector and the growing interconnectedness with other financial institutions and third parties through telecommunication channels.

The Guidelines, which will enter into force on 30 June 2020, set out expectations of how all financial institutions should manage internal and external ICT and security risks that they may be exposed to.

This article is intended for credit institutions, investment firms and payment service providers operating in Luxembourg and will cover the following key questions:

Why effective ICT and security risk management is important to financial institutions?
How are the different financial institutions impacted by the Guidelines?
What are the main principles and domains of the Guidelines?
How can Deloitte help?

PDF - 961kb

Contacts

Irina Hedea

Partner | Information & Technology Risk

ighedea@deloitte.lu

+352 45145 2944

Irina is a Partner in Risk Advisory services, with more than 15 years’ experience in IT risk, IT Regulatory and Outsourcing, Information Security Management, digital trust services and project managem... More

Roland Bastin

Partner | Risk Advisory & Forensic

rbastin@deloitte.lu

+352 45145 2213

Roland is a partner within the advisory and consulting department and joined the Risk Advisory practice of Deloitte in 2001. He is responsible for IT audit, IT security, IT regulatory compliance, Data... More

Stéphane Hurtaud

Partner | Cyber Security Leader

shurtaud@deloitte.lu

+352 45145 4434

Stéphane is a partner within our Risk Advisory practice. He has over 25 years of experience in the IT risk, Information Security and IT audit fields, with a strong focus on the financial services indu... More

Viewing offline content

Audit & Assurance

Consulting

Tax

Financial Advisory

Risk Advisory

Deloitte Private

Corporate and Accounting

Innovation

Sustainability

International markets

Legal

Consumer

Energy, Resources & Industrials

Financial Services

Government & Public Services

Life Sciences & Health Care

Technology, Media & Telecommunications

Job Search

Your Career at Deloitte Luxembourg

Luxembourg Deloitte Alumni

EBA Guidelines on ICT and Security risk management – EBA/GL/2019/04

Establishing harmonized requirements for ICT and security risk management across the Single Market

Contacts

Irina Hedea

Partner | Information & Technology Risk

Roland Bastin

Partner | Risk Advisory & Forensic

Stéphane Hurtaud

Partner | Cyber Security Leader

Related pages

Link your accounts

Viewing offline content

EBA Guidelines on ICT and Security risk management – EBA/GL/2019/04

Establishing harmonized requirements for ICT and security risk management across the Single Market

Contacts

Partner | Information & Technology Risk

Partner | Risk Advisory & Forensic

Partner | Cyber Security Leader

Related pages

Link your accounts

You previously joined My Deloitte using the same email. Log in here with your My Deloitte password to link accounts. | | Deloitte users: Log in here one time only with the password you have been using for Dbriefs/My Deloitte.

You've previously logged into My Deloitte with a different account. Link your accounts by re-verifying below, or by logging in with a social media account.

Looks like you've logged in with your email address, and with your social media. Link your accounts by signing in with your email or social account.