The European Association of Co-operative Banks welcomes the opportunity to take part in the Commission’s online public consultation on a digital operational resilience framework for financial services.
Given the reliance of the financial sector on IT, EACB members believe that the risks involved should be covered accordingly. Proper IT (security) risk management practices are crucial. It is necessary that everyone involved takes responsibility for IT security and potential cyber risks. Uniform guidelines should fit into a uniform supervisory concept towards financial service providers and banks. Specialised business guidelines on information security (payment transactions, securities, risk management) should also be included in this set of rules.
Concerning the reporting of IT security incidents, we believe it should be carried out under a uniform scheme via a single reporting channel and forwarded to all authorised bodies. Harmonisation of the reporting requirements, taking into account all participants in the financial system, is welcome.
Outsourcing is a sensitive issue for co-operative groups and networks, whose organisational structure relies on a division of tasks. EACB members have experienced difficulties during contractual negotiations between their organisations and third-party ICT providers. Banks’ on-site audit right has been one of the most challenging topics in contract negotiations, followed by audit rights, data location, sub-outsourcing, agreement or transparency on security targets and the monitoring of their implementation, particularly in the area of Public Cloud Service Providers.
In our view, Cloud Service Providers should apply the same execution framework to all their clients (including banking institutions) and should be certified by a regulator. As the Commission has already begun to work on the matter, its initiatives could be extended to define standardised terms and conditions integrating all the provisions proposed by the 2019 EBA Guidelines on outsourcing arrangements.