Page 56 - 2014_3865_EBA 5th

Basic HTML Version

E U R O P E A N B A N K I N G A U T H O R I T Y
54
Increased attention to IT related
operational risks
IT-related risks are increasing while profit-
ability often remains subdued and pressure
to reduce costs persists. It is important in
such an environment to ensure that IT sys-
tems and related internal controls are safe-
guarded against budgetary pressures and
remain robust. While consolidation in the
banking sector continues interaction of leg-
acy or heterogeneous IT systems deserves
heightened attention, as particular weak-
nesses has been identified here. At the same
time, market pressure to swiftly launch new
IT-related and mobile technology products is
an additional source of risk, as sufficient time
to testing prior to product launching may be
compromised. In addition, companies are
using new approaches which involve testing
as an integral part of the design and devel-
opment process. Updating legacy IT systems
while simultaneously adopting new technolo-
gies can be a major challenge for banks and
create substantial risk exposure.
The RAQ indicates that almost all institu-
tions are responding to growing IT-related
operational risks. Actions taken are such as
increased spending on IT security- and re-
silience, strengthening of governance and
business continuity plans. Two thirds of RAQ
respondents cover IT risks as part of their
general operational risk management. Su-
pervisors should caution whether this gener-
al treatment is capturing IT risks adequately.