|
The EBA launched a consultation on its draft Guidelines on the assessment of the Information and Communication Technology (ICT) risk in the context of the Supervisory Review and Evaluation Process (SREP).
The growing importance and increasing complexity of ICT risk within the banking industry and in individual institutions, as well as the increasing potential adverse prudential impact from this risk on an institution and on the sector as a whole led the European Banking Authority (EBA) to develop these Guidelines on its own initiative to assist competent authorities in their assessment of ICT risk as part of the SREP.
These Guidelines build on existing references to ICT risk in the EBA SREP guidelines providing the scope and methodology for the assessment of ICT risk within an institution. The guidelines are structured around 3 main parts:
The assessment contained in these guidelines feeds into the EBA SREP methodology more generally, therefore, they should be read along with the EBA SREP Guidelines, which continue to remain applicable as appropriate.
Comments to this consultation can be sent to the EBA by 06 January 2017. A public hearing will take place at the EBA premises on 22 November from 13.30 to 16.30 UK time.