Developments in International IT-Supervision

Developments in International

IT-Supervision

CBCS: Information Technology Service Management Seminar

Agenda

1.

Europe: ECB: SSM

2.

World: ITSG

Banking Union: More than supervision

Objectives of Banking Union

–

Break the link between Member States and their banks

–

Improve cross-border supervision and confidence in banks

–

Reduce financial risks to taxpayers Three Pillars of Banking Union

Three Pillars of Banking Union

1.

Single framework for supervision: Single Supervisory Mechanism (SSM)

2.

Single framework for resolving banks: Single Resolution Mechanism (SRM)



SSM entails close cooperation between ECB and national supervisors

–

Scope SSM is prudential banking supervision (CRD IV/CRR)

–

Participating Members States: euro area plus opt-in countries

–

Participating national supervisors: one per participating Member State (NL: DNB)

–

Bank significance determines cooperation form between ECB and national supervisors



SSM includes supervision of significant banks

–

±130 institutions, representing ± 85% overall balance sheet total

–

ECB coordinates supervision through so-called Joint Supervisory Teams (one per bank)

Single Supervisory Mechanism in a nutshell (1)

–

–

National supervisors participate in JST’s (capacity, local knowledge and expertise)



... and also supervision of less-significant banks

–

±6,000 institutions, representing ± 15% overall balance sheet total

–

National supervisors in the lead; indirect supervision by ECB (ultimate responsibility)

Single Supervisory Mechanism in a nutshell (2)



SSM foresees horizontal supervision across banks

•

Supervision across banks (thematic/by expertise)

•

New for NL: on-site supervision as a distinct supervisory function



SSM will introduce new supervisory methodology and processes



SSM will introduce new supervisory methodology and processes

•

DNB Focus! methodology replaced by SSM Risk Assessment System (RAS)

•

DNB SREP-process replaced by SSM SREP-process

Sizeable implications for DNB as SSM supervisor



Governance: DNB cooperates within the SSM, rather than being the final decision-maker



Organisation: how to organize DNB optimally for cooperation within the SSM-context?



People: DNB supervisors go to Frankfurt, while supervisory activities in Amsterdam continue



Supervision within SSM: key changes (1)



New methodologies/processes for banking supervision



Data driven and more emphasis on Dataquality

Supervision within SSM: key changes (2)

Implications for banks



New supervisory approach for assessment of risks and risk mitigations



Supervisory reporting: more reporting, via national supervisors to ECB



Primary working language SSM will be English



New: supervisory fees levied by the ECB

Implications for ‘other’ supervisors Implications for ‘other’ supervisors



Several supervisory responsibilities remain national

–

Conduct-of-business supervision (NL: AFM)

–

Prudential supervision on insurers and pension funds (NL: DNB)

–

Anti-money laundering / combating terrorism financing



Where applicable, cooperation agreements need to be made with the SSM (Memoranda of Understanding, MoU’s)

Organisation Supervision DNB

Risicomanagement toezicht ING Bank ABN AMRO Rabobank Toezicht Europese banken

Middelgrote banken Kleine banken en bijkantoren Beleggingsondernemingen Toezicht nationale intellingen Interne modellen en kredietrisico's Financiële risico's en kapitaalinstrumenten Operationele risico's On-site toezicht en bancaire expertise Thematisch toezicht integriteit Expertisecentrum integriteitstrategie Expertisecentrum Toezicht horizontale functies

en integriteit Internationaal overleg banken Banken Kwantitatief beleid Verzekeraars Toezicht Beleid Internationale verzekeringsgroepen Nationale verzekeringsgroepen Middelgrote verzekeraars Toezicht Verzekeraars Grote pensioenfondsen Middelgrote pensioenfondsen Kleine Toezicht Pensioenfondsen Toezicht DNB Rabobank Binnenlandse significante banken Buitenlandse significante banken Beleggingsondernemingen en beleggingsinstellingen Betaalinstellingen en bijzondere projecten Informatievoorziening toezicht Operationele risico's en datakwaliteit IT risico's Bedrijfsmodellen en governance Bedrijfsbureau banken Expertisecentrum governance, gedrag en cultuur Expertisecentrum interventie en handhaving Expertisecentrum markttoegang Expertisecentrum toetsingen Verzekeraars Pensioenen Algemeen Beleid en Governance Strategie Middelgrote verzekeraars Zorgverzekeraars Kleine verzekeraars en procesondersteuning Expertisecentrum financiële risico's verzekeraars Expertisecentrum kapitaal Kleine pensioeninstellingen en procesondersteuning Expertisecentrum financiële risico's pensioenfondsen Expertisecentrum bedrijf en organisatie On-site toezicht pensioenfondsen en verzekeraars

More Harmonisation 1

Key principles:

1. Risk based approach (more detail -> high perceived risk). Head of Mission (HoM) decides intensity

2. Proportionality: To reflect nature, scale and complexity of Credit Institution (CI)

Ultimate objective: assist inspections Ultimate objective: assist inspections

- Detect shortcomings in how CI’s manage their risks - Collect undeniable evidence on deficiencies

- Enable JST to prepare solid recommendations -> solve present problems

More Harmonisation 2

Responsibilities:

- JST: Supervision strategy -> Supervisory Evaluation Plan (SEP) - JST: To program on-site inspections in cooperation with ECB

Centralised On-site function

- HoM: To determine how objectives (set by JST) will be achieved

Methodologies: Methodologies:

- Guidance to inspection teams

- Topics are non-exhaustive / professional judgement inspectors - Not static; updates by ECB Centralised on-site function

Agenda

1.

Europe: ECB: SSM

2.

World: ITSG

What is ITSG?

A group which provides an informal platform for

intensifying international co-operation and information

exchange on IT and specific IT risks between Heads of IT

Supervision at Banking Regulators. The group will also

provide an opportunity for greater knowledge of the

different supervisory approaches, but will be mindful of

local regulatory approaches and policies.

The group is not a policy making forum, but is available to

provide expert advice to international groups such as

ITSG

Objectives:

Exchanging information on technology risks and

supervisory practices

Establishing an international network for IT supervisors

Promoting efficiency and synergy through cross-border

supervisory work

Facilitating sound practices in IT supervision

Facilitating sound practices in IT supervision

Facilitating cross-border incident management

ITSG

Activities

Annual conference for Heads of IT Supervision or

representatives with a focused and technical knowledge of

the IT environment within banking institutions, especially

with respect to IT security and continuity.

The conference will last several days with one or two

representatives from each supervisory organisation. It is

hosted on a rotational basis.

hosted on a rotational basis.

The agenda of the conference should cover IT topics/risks

which are collected in advance by the participants.

Membership

Membership of the group is heads (or representatives) of

IT Supervisors examination departments within banking

and governmental regulatory organisations.

Current members

Americas:

FDIC, FRB, OCC, Canada, Mexico

Europe:

Norway, Sweden, UK, Germany,

Netherlands, Luxemburg, Belgium, Spain, Italy,

France, Greece

Asia:

Australia, Singapore, Hong Kong, China, Japan,

Malaysia, South Korea

The conferences

2002 Amsterdam

2004 San Antonio

2005 London

2006 Hong Kong

2007 Toronto

2008 Rome

2008 Rome

2009 Washington

2010 Sydney

2011 Mexico city

2012 Singapore

2013 Beijing

New entrants

New Membership Admission Criteria:

Sponsorship by a permanent member

2 times present as an observer

Add value to the Group

Enhances the diversity of the ITSG coverage

Large/international financial institutions

Some important topics

Security/Cybercrime

Cloud computing

Outsourcing/Offshoring

BCM/Pandemic/Resilience

Mobile and internet payments

Mobile and internet payments

Card fraudes

Incidents

Peer reviews

Agenda

1.

Europe: ECB: SSM

2.

World: ITSG

Other Supervisors

USA: FFIEC

Europe: EBA

Europe: Secure Pay Forum

Europe: Secure Pay Forum

Asia: SEACEN

Background Information:

www.dnb.nl www.afm.nl www.bis.org www.ecb.int/home www.c-ebs.org www.federalreserve.gov www.ffiec.gov www.ecb.europa.eu/ssm

Questions?

Evert Koning

Operational Risks & Data quality

Telephone:

+31 20 524 2428

Mobile:

+31 6 524 96 399