EBA Guidelines on ICT and Security risk management – EBA/GL/2019/04 has been saved
EBA Guidelines on ICT and Security risk management – EBA/GL/2019/04
Establishing harmonized requirements for ICT and security risk management across the Single Market
On 28 November 2019, the European Banking Authority (EBA) published the Final Report on the Guidelines on ICT and security risk management (EBA/GL/2019/04) to establish requirements for credit institutions, investment firms and payment service providers (PSPs) on the mitigation and management of ICT and security risks.
The purpose of the Guidelines is to establish requirements for the management of ICT and security risks, both of which have escalated in recent years due to the increasing digitalization of the financial sector and the growing interconnectedness with other financial institutions and third parties through telecommunication channels.
The Guidelines, which will enter into force on 30 June 2020, set out expectations of how all financial institutions should manage internal and external ICT and security risks that they may be exposed to.
This article is intended for credit institutions, investment firms and payment service providers operating in Luxembourg and will cover the following key questions:
- Why effective ICT and security risk management is important to financial institutions?
- How are the different financial institutions impacted by the Guidelines?
- What are the main principles and domains of the Guidelines?
- How can Deloitte help?