The EBA launched a consultation on its draft Guidelines on the assessment of the Information and Communication Technology (ICT) risk in the context of the Supervisory Review and Evaluation Process (SREP).
The growing importance and increasing complexity of ICT risk within the banking industry and in individual institutions, as well as the increasing potential adverse prudential impact from this risk on an institution and on the sector as a whole, led the European Banking Authority (EBA) to develop these Guidelines on its own initiative to assist competent authorities in their assessment of ICT risk as part of the SREP.
These Guidelines build on existing references to ICT risk in the EBA SREP guidelines providing the scope and methodology for the assessment of ICT risk within an institution. The guidelines are structured around 3 main parts:
- Setting the context and scope of the ensuing assessment;
- Addressing what competent authorities should expect to see with regard to management of ICT risks at senior management level and management body level, as well as the assessment of an institution's ICT strategy and its alignment with the business strategy; and
- Covering the assessment of the institution's ICT risk exposures and the effectiveness of controls.
The assessment contained in these guidelines feeds into the EBA SREP methodology more generally; they should therefore be read along with the EBA SREP Guidelines, which continue to remain applicable as appropriate.
Comments to this consultation can be sent to the EBA by 06 January 2017. A public hearing will take place at the EBA premises on 22 November from 13.30 to 16.30 UK time.
Press release
Consultation paper
© EBA