The European Banking Authority (EBA) has published the conclusion of its peer review of how competent authorities supervise institutions’ ICT risk management.
Alongside the former, the said competent authorities have also implemented the Authority’s Guidelines on ICT risk assessments under the supervisory review and evaluation process.
Overall, the analysis suggests that the competent authorities across the EU have applied a risk-based approach to the supervision of ICT risk management. The EBA has not identified any significant concerns regarding the supervisory practices but makes some general recommendations for further improvements.
The EBA added that the peer review findings suggest that the EU competent authorities have largely implemented the EBA Guidelines on ICT Risk Assessment under the SREP and applied them in their supervisory practices.
The findings also suggest that the competent authorities have applied a risk-based approach to the supervision of ICT risk management where the depth and frequency of the assessments correlate with the level of ICT risk of the institutions.
According to the authority, the peer review did not raise significant concerns regarding the supervisory practices on ICT risk management, but the EBA makes a number of general recommendations to further strengthen supervisory practices. The peer review also includes recommendations to the EBA to incorporate a number of identified good practices into the Guidelines on ICT risk assessment under the SREP when the latter will be reviewed in the future.
Copyright © 2022 RegTech Analyst
Copyright © 2018 RegTech Analyst