While Europe’s financial institutions are struggling to absorb the shock caused by the COVID-19 pandemic, security risks and the frequency of Information and Communications Technology (ICT) and security-related incidents (including cyber incidents) are rising, which, in turn, has the potential to adversely impact financial institutions’ operational functioning.

The financial sector’s increasing digitalisation and the growing interconnectedness between financial institutions and third parties make financial institutions’ operations vulnerable to internal and external ICT and security risks that could potentially compromise their viability. As a result, sound ICT and security risk management is key for a financial institution to achieve its strategic, corporate, operational and reputational objectives.

For this reason, the European Banking Authority (EBA) issued its Guidelines on ICT and security risk management, which entered into force on 30 June 2020. These guidelines set out the EBA’s expectations on how financial institutions should manage internal and external ICT and security risks.

Do you meet the requirements?

  • Financial institutions have an adequate internal governance and internal control framework in place for their ICT and security risks. ICT and security risks are managed and mitigated through an independent and objective control function, appropriately segregated from ICT operations processes and not responsible for any internal audit, alongside an independent internal audit function.
  • Maintain up-to-date inventories of business functions, assess the ICT and security risks related to those functions, and determine what measures are required to mitigate the identified risks.
  • Requirements to implement effective information security measures, including having an information security policy in place; establishing, implementing and testing information security measures; and establishing a training programme for all staff and contractors.
  • Requirements for ICT operations management, including requirements to improve, where possible, the efficiency of ICT operations; implement logging and monitoring procedures for critical ICT operations; maintain an up-to-date inventory of ICT assets; monitor and manage the life cycle of ICT assets; and implement backup and recovery plans.
  • Requirements for ICT project and change management, including the acquisition, development and maintenance of ICT systems and services.
  • Business continuity management and the development of response and recovery plans, including testing them and updating them based on the test results. Ensure effective crisis communication measures are in place so that all relevant internal and external stakeholders can be informed in a timely manner.

If you don’t know where to start, or are uncertain which security risks exist in your organisation and how they should be identified and controlled, we are here to help you.

For more insight on compliance technology options and benefits, visit https://complyportal.uk/modules/ and find out how our straightforward, comprehensive compliance technology solution can help you and your organisation.

About ComplyPortal:

First developed in 2011 by compliance professionals for compliance officers, ComplyPortal offers workflow, automation, and several modules to help firms with control and regulatory compliance monitoring.

ComplyPortal simplifies financial services regulatory compliance management on an easy-to-use cloud-based comprehensive compliance platform. It enables compliance officers, risk officers and senior management to keep track of their firm’s regulatory responsibilities and workflows. Our platform includes the following modules, among others:

  • Monitoring: a year-round schedule pre-populated with monitoring questionnaires to ease compliance processes.
  • Registers: lists controlled by the Compliance Officer, but easy for staff to view.
  • Risk: map and control risk areas to effectively identify and manage risk for your firm.
  • eKYC solution: perform comprehensive searches, including client identity verification, document authenticity checks and more, for a comprehensive KYC and AML approach.