Overall, the analysis suggests that the competent authorities across the EU have applied a risk-based approach to the supervision of ICT risk management. The EBA has not identified any significant concerns regarding the supervisory practices but makes some general recommendations for further improvements.
The European Banking Authority (EBA) today published the
conclusion of its peer review of how competent authorities supervise
institutions’ ICT risk management and how they have implemented the EBA
Guidelines on ICT risk assessment
under the supervisory review and evaluation process (SREP).
The peer review findings suggest that the EU competent authorities
have largely implemented the EBA Guidelines on ICT Risk Assessment under
the SREP and applied them in their supervisory practices.
The findings also suggest that the competent authorities have applied
a risk-based approach to the supervision of ICT risk management where
the depth and frequency of the assessments correlate with the level of
ICT risk of the institutions.
The peer review did not raise significant concerns regarding the
supervisory practices on ICT risk management, but the EBA makes a number
of general recommendations to further strengthen supervisory practices.
The peer review also includes recommendations to the EBA to incorporate
a number of identified good practices into the Guidelines on ICT risk
assessment under the SREP when the latter are reviewed in the
future.
EBA
© EBA