Focus risks in 2023 from BaFin’s perspective
At this year’s press reception, BaFin’s president outlined some of the risks that will be of particular concern to the authority in 2023. The six focus risks include IT risks, particularly in the context of cyberattacks.
The report highlights that the likelihood of disruptions in the IT operations of financial service providers continues to increase. Although a large number of these are triggered internally, this is no reason to give the all-clear; intentionally caused IT incidents have the potential to cause very high damage. Moreover, this risk does not affect only individual institutions. It is exacerbated by the increasing number of outsourcing arrangements and by the growing interconnectedness of institutions with one another and with outsourcing companies, which in turn are interconnected with each other and with their subcontractors. An IT incident at one institution or service provider along the outsourcing chain has the potential to directly or indirectly impact various other financial institutions. The consequences may therefore be felt in large and/or significant parts of the financial system.
Furthermore, one of the trends presented also contributes to IT risk: digitization, and especially the lack of it. Many institutions operate on outdated IT infrastructures, making them much more vulnerable to IT security incidents, disruptions and failures.
To counter this development and mitigate the growing risk, BaFin is planning close monitoring of multi-client service providers as well as additional audit procedures. Further, it will closely oversee the implementation of DORA’s requirements.
The BaFin press release on the press reception and the focus risks for 2023 can be found here.
Source: © German Federal Financial Supervisory Authority / www.bafin.de