|
|
The European Banking Authority (EBA) published today the
conclusion of its peer review of how competent authorities supervise
institutions’ ICT risk management and have implemented the EBA Guidelines on ICT risk assessment
under the supervisory review and evaluation process (SREP).
The peer review findings suggest that the EU competent authorities have largely implemented the EBA Guidelines on ICT Risk Assessment under the SREP and applied them in their supervisory practices.
The findings also suggest that the competent authorities have applied a risk-based approach to the supervision of ICT risk management where the depth and frequency of the assessments correlate with the level of ICT risk of the institutions.
The peer review did not raise significant concerns regarding the supervisory practices on ICT risk management, but the EBA makes a number of general recommendations to further strengthen supervisory practices. The peer review also includes recommendations to the EBA to incorporate a number of identified good practices into the Guidelines on ICT risk assessment under the SREP when the latter will be reviewed in the future.