An analysis of self-assessment reports provided by banks to supervisory authorites found that for some IT risk areas banks remain „too optimistic”, particularly in the filed of data quality management and IT risk management, according to finextra.com.
The probe found that data integrity risk continues to be of concern, with deficiencies identified in IT data quality management and data architecture models.
IT security is also considered a significant challenge for institutions, says the ECB, noting that the number of reported cyber incidents through its cyber incident reporting framework has increased from year to year.
In broad brush terms, IT outsourcing and legacy technology were seen to represent the main areas of concern.
„The continued reliance on end-of-life (EOL) systems for critical business processes requires a high degree of management attention,” says the ECB. „Therefore, it is desirable that institutions continue working on simplifying their IT systems and ensuring sufficient agility.”
The results also showed an increase in IT outsourcing, with a slightly higher concentration of risk at the level of individual institutions, with several reporting losses due to unavailability and/or poor quality of outsourced services.
„In order to solve such findings it would be desirable that the outsourcing management processes (including risk management) are improved, service level agreements are constantly monitored and that institutions pursue a stricter and more comprehensive inclusion of outsourced processes into their internal control framework. This also includes regularly updating business continuity plans, as well as having adequate exit strategies in place.”
Institutions with board members drawn from IT disciplines were found to be more prudent in their assessments and prepared to spend more budget on innovation.
The ECB says it will in future focus its supervisory attention on the „collective suitability of the boards with respect to their IT expertise and whether banks comply with regulation on outsourcing.”
On legacy tech issues, it adds: „ECB Banking Supervision plans to increase its focus on institutions that report having EOL systems supporting critical banking activities, with the aim of decreasing their dependency on EOL systems.”
„Tendinţele pe care le-am remarcat înainte de începerea pandemiei s-au accelerat pe perioada stării de urgenţă. Am văzut acest lucru ca o oportunitate, un tipping point pentru bancă. Post-pandemie nu avem cum sa ne întoarcem la comportamentul financiar pe care îl aveam până în februarie a.c. Relaţia românilor cu online-ul s-a schimbat. In plus, cardul fizic se va dematerializa. Vom asista la o scădere a cererii pentru cardurile fizice, respectiv la o creştere a preferinţei pentru componenta digitală a acestora.”