Banks cite cyber security and outsourcing as operational risk concerns grow

Banks cite cyber security and outsourcing as operational risk concerns grow

More than half of European banks foresee an increase in operational risk as the fintech revolution brings concerns about cyber-security, IT failures and outsourcing problems to the fore, according to research from the EBA.

Some 55% of banks expect operational risk to grow, up from 43% a year ago and 35% in 2015, according to the tenth EBA report on risks and vulnerabilities in the EU banking sector, which is based on information from 132 lenders from 25 countries.

Cyber risks and data security issues are seen as the main drivers for this, cited by 42% of respondents, with IT failures picked up by 16% and the growing trend to outsourcing mentioned by 11%.

All of this is driven by the increased digitalisation of banking, says the EBA, as services move online and banks become more interconnected and dependent on computer networks, creating vulnerabilities.

Outsourcing has become more popular as a way to cut costs and improve efficiency while getting access to new technologies. This means that it is critical that banks manage their relationships with third parties properly. The EBA has already consulted on recommendations on outsourcing cloud service and is preparing to update its guidelines.

Says the report: "Banks and supervisors should encourage the update of out-dated IT systems and address concerns about connectivity and outsourcing to third-party providers. In addition, supervisors should explore with banks the risks the institutions will undertake if embracing and adopting technological innovation in the financial sector."

Read the full report:

Download the document now 1.8 mb (Chrome HTML Document)

Comments: (1)

Rupert Bull
Rupert Bull - The Disruption House Limited - London 28 November, 2017, 15:131 like 1 like

This is an increasingly important matter to consider. We are seeing banks and indeed all Financial Institutions expect their vendors who are offering services via the cloud to demonstrate their own third party risk management too. Overall, I see this as a positive development, not only from a risk management perspective. It shows that the industry is moving towards the concept of a supply chain for IT. In the long run this will reduce the number of proprietary legacy systems and therefore the total cost of ownership of IT by banks. This will benefit both customers and shareholders.