ECB to launch on-site cyber risk inspections this year

Speech by Sabine Lautenschläger, member of the Executive Board of the European Central Bank and vice-chair of the Supervisory Board of the European Central Bank, to the Banking & Payments Federation Ireland (BPFI) Risk Management & Supervisory Conference “Future Supervisory Landscape”, Dublin, 17 January 2019.

Banks need to keep an eye on cyber risks and work on cyber resilience. We know that banks are already exposed to cyber risk. But they will become more vulnerable as digitalization progresses. They will need to invest in staff who have the appropriate skills to handle such risks. And they will have to comply with rules and regulations on this front.

ECB Banking Supervision will do its part. We will launch a number of on-site inspections on cyber risk in 2019, and we will continue to monitor the situation under our SSM cyber incident reporting process. We will also bring our expertise and knowledge to bear when contributing to guidelines being developed by the European Banking Authority on such issues.

On banks, fintech, big tech and suptech:

Technological change, and in particular digitalization, has the potential to fundamentally change the banking landscape. But it is not clear exactly how things will change. It is hard to guess how innovations will evolve and easy to get it wrong. That said, we can still look at some scenarios and see how we supervisors would deal with them.

Let’s begin with two extreme scenarios.

First, banks could adapt in order to survive and even thrive in a digitized market. In this scenario,
they would swiftly embrace the digital trend, team up with fintechs, and no major disruptions would occur. On the contrary, banks would be more profitable and agile than before. From the viewpoint of banks, this is certainly the most benign scenario. However, we should not forget that adapting to new trends and adopting new technologies always comes with new risks, such as legal or operational risks.

In the second extreme scenario, banks could find themselves powerless in the face of fast-paced innovation. Fintechs, or big techs providing financial services, could disrupt the market and take it over. The result could be either a highly competitive market, or a market that is highly concentrated. For the banks, this scenario is far less benign than the first one. And it would challenge supervisors as well. After all, many fintechs operate outside the regulatory perimeter.

The regulator would need to keep in mind the golden rule I mentioned before: same business,
same risk, same rules.

We cannot predict how things will play out in detail. These are two extreme scenarios, of course. In reality we are likely to land somewhere in between. Some banks will adapt, and even thrive; others will not be able to keep up. So, banks should focus on what they do best. And they should look at how technological innovations might help them to do what they do best more efficiently in the future.

But the impact of technological change goes beyond banks. Technology can also change the way in which we supervisors do our jobs, and it can change the way in which we think about risks. Applying new technologies to banking supervision could not only make it more effective and efficient. It could also reshape our priorities.

The greatest gains from what is known as suptech – supervisory technology – would be made in the collection and analysis of data. And there are many examples. Automated reporting could ease the burden on banks and make data collection more efficient. Machine learning could enhance the validation of data. Virtual assistants could be programmed to address user complaints during data collection, for instance. In addition, suptech could help to improve the analysis of credit and liquidity risks.

Some experts even argue that suptech could become a third approach to supervising banks. In addition to the rules-based and principles-based approaches, there would be a data-driven approach. Now, there is still a lot of uncertainty about the exact role suptech will play in the end.

European examples

The Austrian central bank has developed a reporting platform that bridges the gap between the IT systems of supervised entities and supervisors. The Italian central bank is exploring ways of using machine-learning algorithms to forecast loan defaults. And the Dutch central bank is working on the use of neural networks to detect liquidity risk.

But as a good supervisor, I must add a note of caution, of course – countering the optimism bias again. Innovation is not risk-free in supervision either. Suptech comes with a number of risks. Think of the legal risks that arise when you start to handle ever larger amounts of sensitive commercial data.

So as we supervisors start to apply new technologies, we must be just as cautious as we would expect banks to be. And we must remember that these technological advances are no substitute for supervisory judgement, which will still play an important role in the supervisory approach, supporting the outcome of supervisory assessments and underpinning the use of discretion in supervisory actions.

Read the full speech

Related Posts

Previous Post
Japan’s SBI Holdings invests in Swiss crypto and German AI
Next Post
What crypto funds are doing for custody, benchmarks and insurance (premium)

Fill out this field
Fill out this field
Please enter a valid email address.

X

Reset password

Create an account