Supervision release 20 November 2017 – 62/2017

The EBA has published translations of the Guidelines on the assessment of ICT risks

On 11 September 2017, the European Banking Authority (EBA) published the official translations of its Guidelines on ICT Risk Assessment under the Supervisory Review and Evaluation Process. The Guidelines complement the EBA Guidelines on the SREP. They are addressed to national supervisory authorities, and their objective is to promote harmonised supervisory practices in the assessment of ICT risks. The FIN-FSA recommends that supervised entities take the Guidelines into consideration in the management of their ICT risks.
The Guidelines enter into force on 1 January 2018.

Guidelines on ICT risk assessment under the SREP

For further information, please contact

  • Erja Pullinen, Risk Specialist, tel +358 9 183 5358 or erja.pullinen(at)
  • Heli Mäkitalo, Risk Specialist, tel +358 9 183 5369 or heli.makitalo(at)