EBA publishes the final guidelines on ICT and security risk management
The European Banking Authority (EBA) published on November 28th the final guidelines on ICT and security risk management whose role is to set up requirements for credit institutions, investment firms and payment service providers (PSPs) in regards to mitigating and managing their information and communication technology (ICT) as well as security risks.
The operations of the financial institutions have become more vulnerable to ICT and security risks due to the increased digitalisation in the financial sector. In this regard, sound ICT and security risk management are key for a financial institution to achieve its objectives (corporate, strategic, operational as well as reputational ones).
This article provides further insight on how financial institutions should manage internal and external ICT and security risks that they are exposed to.