“On the operational side, cyber risks are the number one risk for me. Their intensity is increasing, and they may well reach systemic dimensions.”
BaFin President Mark Branson, BaFin Journal November 21
Against this backdrop, the financial supervisory authority advocates audits along the entire value chain, primarily concerning material outsourcing activities. BaFin therefore wants to audit the relevant outsourcing service providers directly. The aim is to proactively expose and address any vulnerabilities in the IT security of these companies.
“Those who fail to plug holes in IT security run the risk of incurring heavy losses, putting their reputation on the line, and, in the worst case, undermining the stability of the financial system,” stressed BaFin President Mark Branson at the Euro Finance Week in Frankfurt am Main. Operational security is just as important to supervision as financial resilience, he said.
In focus: IT security of banks, insurance companies, and service providers
IT and cyber risks are already part of the 2021 supervisory priorities. By including these issues in its medium-term objectives, BaFin is underscoring the importance of cyber resilience for the financial industry. For the institutions and service providers under supervision, this means that IT security in compliance with the regulations is now required more than ever. For material outsourcing in particular, only service providers that meet all regulatory requirements and do not shy away from a direct BaFin audit can therefore be considered.