EU supervisors are focusing on Cloud, Cyber, Information and Technology Risk
Are you ready to meet the supervisory expectations in January 2018?
1. On 12 May, the European Banking Authority (EBA) published its final Guidelines on the assessment of the ICT risk in the context of the Supervisory Review and Evaluation Process (SREP).
o The guidelines outline the supervisor’s role in reviewing ICT risk in the industry and the information to be collected from the banks.
o Standardized ICT supervision applies in full from 01 January 2018.
o Linking ICT to SREP and Pillar II capital buffers
2. The ECB has initiated a reporting framework for significant cyber incidents, which was implemented as a pilot scheme in 2016 and is planned to go live in the third quarter of 2017.
o This will require incidents to be reported as soon as the banks detect them.
o The information will be used to identify and monitor trends in cyber incidents affecting significant institutions and will facilitate a fast reaction by the ECB in the event that a major incident affects one or more significant banks.
o The outcome of the analysis will also feed into defining the key priorities with regard to the supervision of cyber risk.
3. On 18 May, the EBA also launched a consultation setting out its guidance for the use of cloud service providers by financial institutions.
o The EBA recommendations aim to clarify the EU-wide supervisory expectations for institutions that intend to adopt cloud computing, so that they can leverage the benefits of cloud services while ensuring that any related risks are adequately identified and managed.
o The consultation runs until 18 August 2017.
Our Cloud, Cyber security and IT Risk team is designed to assist and advise your organization in all aspects of IT security, including upgrading your ICT risk framework to comply with the new supervisory expectations.
Should you be interested in any of our solutions, including a free-of-charge consultation with our team, please do not hesitate to contact us.