IT Risk

ECB, FCA and PRA Supervisory Expectations and How to Address Them

IT RISK Whitepaper

A Top 3 Risk Driver

According to the European Central Bank (ECB), cybercrime and IT disruptions are jointly one of the three most prominent risk drivers affecting the Euro area banking system.

Similarly in the UK, the number of incidents reported to the Financial Conduct Authority (FCA) increased by 187% to a total of 646 between October 2017 and September 2018.

The ECB and the UK FCA have made IT risks a priority. This is also true for the UK Prudential Regulatory Authority (PRA), which signaled that its supervisory approach would further embed IT and operational resilience, with a focus on the continuity of the business services that a bank’s customers and the wider economy rely upon.

Regulatory Approaches

The European Banking Authority defines ICT risk as the “risk of loss due to breach of confidentiality, failure of integrity of systems and data, inappropriateness or unavailability of systems and data or inability to change IT within a reasonable time and costs when the environment or business requirements change (i.e., agility)”.

Beyond the high-level requirements enshrined in European regulations and directives, specific regulatory publications provide a useful background for regulatory expectations relating to IT risks in banking. The IT Risk Whitepaper discusses these and allows banks to assess their level of compliance with regulatory requirements and evolving supervisory expectations.


Building on existing and 'looming' regulatory requirements, what are the specific items a well-prepared bank should consider? What aspects need to be embedded in the organisation to fulfil the expectations of the supervisory bodies?

This IT Risk Whitepaper focuses on the following aspects:

  • Governance and Strategy
  • ICT Risk Management Framework
  • ICT Operations Management
  • Information Security
  • ICT Project and Change Management
  • Business Continuity Management

Preparing for a Supervisory Review

The supervisory expectations outlined in this Whitepaper are daunting and banks are encouraged to plan well in advance for any potential review. Supervisors will assess all aspects of IT risk. Preliminary views will be formed based on information the supervisor will have already collected through their ongoing supervisory activities, the banks’ regular data submissions as well as specific questions addressing each of the dimensions.

Get Expert Assistance

Combining IT and Financial Services Expertise

Reply is a recognised partner for a large number of G-SIBs, D-SIBs and other banks in the Eurozone and the UK, when addressing IT risk management issues.


To learn more, download the full, free PDF and don’t hesitate to contact us for further questions:

  • Avantage Reply

    Established in 2004, Avantage Reply, a member firm of the Reply group, is a pan-European specialised management consultancy delivering change initiatives in the areas of risk, finance (treasury and capital management, regulatory reporting), compliance and operations, with an excellent reputation for delivering solutions to its clients’ most challenging issues.

  • Glue Reply

    Glue Reply is an outcome-focused strategy and enterprise architecture specialist, trusted by public and private sector organisations alike to solve complex problems. Glue Reply helps its clients succeed by turning strategy into tangible solutions and vision into practical outcomes. Glue Reply diagnoses the challenges and advises how to make real impact – enabling its clients to deliver.