Published date: 13 December 2018

EBA consults on guidelines on ICT and security risk management

The European Banking Authority (EBA) launched a consultation on its draft Guidelines on ICT and security risk management. These Guidelines establish requirements for credit institutions, investment firms and payment service providers (PSPs) on the mitigation and management of their information and communication technology (ICT) risks and aim to ensure a consistent and robust approach across the Single market. The consultation runs until 13 March 2019.

Due to a growing reliance on ICT for their operational functioning, financial institutions are vulnerable to increased threats from internal and external attacks, including cyber-attacks, or breaches that may arise from inadequate business continuity planning for ICT systems and processes, or poor processes relating to ICT change management. These Guidelines aim to mitigate all ICT risks, internal or external, including security-related risks, for all financial institutions.

The Guidelines outline expectations in relation to governance