IT Risk

ECB, FCA and PRA supervisory Expectations and how to address them

A Top 3 Risk Driver

According to the European Central Bank (ECB), cybercrime and IT disruptions jointly are one of the three most prominent risk drivers affecting the Euro area banking system Similarly in the UK, the number of incidents reported to the Financial Conduct Authority (FCA) increased by 187% to a total of 646 between October 2017 and September 2018. ECB and the UK FCA have made IT risks a priority. This is also true for the UK Prudential Regulatory Authority (PRA), which also signaled that its supervisory approach would further embed IT and operational resilience with a focus on the continuity of the business services that a bank’s customers and the wider economy rely upon

Regulatory Approaches

The EBA Guidelines on Outsourcing, issued in February 2019, established a more harmonized governance and risk framework around outsourcing (taking into consideration the previous 2017 EBA recommendations on outsourcing to cloud service providers).

Since the EBA Guidelines entered into force in September 2019, European countries have started to transpose the outsourcing requirements into their own regulatory framework. Beyond the high-level requirements on outsourcing set out by the EBA, this White Paper provides an overview of the pan-European regulation and discusses the transposition of the EBA Guidelines into local regulatory practices. This allows financial institutions to assess their level of compliance with regulatory requirements and evolving supervisory expectations on outsourcing.

IT Risk management: supervisory expectations

Building on existing and 'looming' regulatory requirements, what are the specific items a well-prepared bank should consider? What aspects need to be embedded in the organisation to fullifill the expecations of the supervisory bodies?

This IT Risk Whitepaper focuses on the following aspects:

  • Governance and Strategy

  • ICT Risk Management Framework

  • ICT Operations Management

  • Information Security

  • ICT Project and Change Management

  • Business Continuity Management


    Preparing for a Supervisory Review

    The supervisory expectations outlined in this Whitepaper are daunting and banks are encouraged to plan well in advance for any potential review. Supervisors will assess all aspects of IT risk. Preliminary views will be formed based on information the supervisor will have already collected through their ongoing supervisory activities, the banks’ regular data submissions as well as specific questions addressing each of the dimensions.

Get Expert Assistance

Reply is a recognised partner for a large number of G-SIBs, D-SIBs and other banks in the Eurozone and the UK, when addressing IT risk management issues. Click on the arrow below for an overview of the comprehensive set of ‘assets’ that Reply has developed to assist Eurozone and UK based banks. To learn more, download the full, free PDF and don’t hesitate to contact us for further questions: avantage@reply.com

Benchmarking the bank’s IT risk management framework and practices against regulatory requirements, supervisory expectations and peer firms.


Co-developing time-bound and budgeted roadmaps and action plans to enhance the bank’s IT risk management framework and practices.


Implementing (and project managing the delivery of) road maps and action plans to enhance both the bank’s framework and its practices

Developing and creating appropriate remediation plans following a supervisory inspection or audit.

Avantage Reply

Picture

Avantage Reply is a pan-European Financial Services (FS) management consulting firm, delivering change initiatives in Risk, Compliance, Finance and Operations. Avantage Reply has operations in Amsterdam, Brussels, Frankfurt, Lisbon, London, Luxembourg, Milan, Munich, Paris, Rome and Turin. Our consultants advise on and deliver pragmatic solutions, supported by comprehensively tested analytical techniques using proprietary solutions, methodologies and prototypes. Being part of the Reply Group, Avantage Reply successfully leverages on the group’s technology competencies to deliver on client engagements. More details at

Glue Reply

Picture

Glue Reply is an outcome focused strategy and enterprise architecture specialist, trusted by public and private sector organisations alike to solve complex problems. Glue Reply helps its clients succeed by turning strategy into tangible solutions and vision into practical outcomes. Glue Reply diagnoses the challenges and advises how to make real impact – enabling its clients to deliver.