IT risks and IT outsourcing in the focus of the EU
The European Parliament recently addressed the developing as well as the geopolitical risks in the financial market and the priorities of the SSM that can be derived from them.
On the side of developing risks, among others cyber risks are addressed. They result from the current circumstances, but also from a growing dependence of financial institutions on IT service providers. The latter, in particular, contributes to more interconnected risks that make assessing risk exposure a challenge for institutions. The established methods for risk measurement and management are not designed for this and therefore cannot achieve comprehensive coverage. Accordingly, Parliament sees a need for adapted or new approaches to risk management that combine qualitative and quantitative approaches. Because the origin of risks and the way they are interrelated are highly institution-specific, the SSM should also take an institution-specific approach to supervision, according to the Parliament’s position.
Additionally, IT risks, especially those related to cyberattacks, are also in focus from a geopolitical risk perspective. Between 2015 and 2021, the number of cyberattacks tripled, according to the ECB. Digitalization and increasing remote working are simultaneously enhance the vulnerability to such attacks. Mirroring Blackrock’s assessment, European regulators also see cyber risk as one of the most pressing geopolitical risks. Consequently, the ECB’s supervisory priorities already include vulnerabilities from IT outsourcing as well as cyber resilience. Accordingly, a new cyber incident reporting system was introduced, as well as closer monitoring of outsourcings and the operational risk management. The Digital Operational Resilience Act (DORA) is intended to significantly increase the resilience already achieved in this way, but it is not due to be implemented until 2024. Consequently, Parliament calls on the ECB to focus more on IT security and to be more active in its supervisory activities.
You can find the parliamentary report on the growing risks here, the report on geopolitical risks here on its website.
Source: © European Union, 2022 – EP, europarl.europa.eu