Supervision release 25 April 2022 – 23/2022

Thematic review of the use of new technologies and related risks

The Financial Supervisory Authority (FIN-FSA) has conducted a thematic review of the present state of the use of new digital technologies. The thematic review also identified risks faced by supervised entities in connection with the use of new technologies.

Supervision of the digitalising financial sector is one of the FIN-FSA’s focus areas 

Supervision of the digitalising financial sector is one of the focus areas in the FIN-FSA’s strategy. The strategy was implemented in 2021 by sending a survey to supervised entities to examine the degree of adoption of new technologies as well as risks associated with the use of these technologies.

The survey was carried out in spring 2021. The FIN-FSA will utilise the findings of the survey in planning its supervisory efforts and will direct its supervision based on the risks involved.

The banking sector and employee pension companies have advanced the most in the use of new technologies

The following new technologies were discussed in the thematic review:

  • Big data and data analytics
  • Artificial intelligence and machine learning
  • Cloud services
  • Technological solutions supporting regulatory compliance (regtech)
  • Blockchains and smart contracts

As regards the technologies covered by the survey, the supervised entities had progressed the furthest in the use of big data and data analytics. In addition, the utilisation of various technological solutions supporting regulatory compliance (regtech) and cloud services is on average quite extensive in the financial sector. At the same time, the utilisation of blockchain technology is very limited.

The use of the technologies included in the survey was most advanced in banking and employee pension insurance. In terms of business areas, these technologies were utilised the most in support functions.

Inadequate digitalisation expertise of personnel was perceived as the main risk associated with new technologies

The most common type of risk identified was the inadequate digitalisation expertise of personnel. This was the most common risk regardless of the technology or sector of supervised entity. This risk covers circumstances where the organisation lacks adequate expertise, or expertise is limited to a small group, as well as those where there are no experts available in the market to facilitate digitalisation.

Other risks that arose several times also include dependency on outsourcing partners, inadequate investment in digitalisation initiatives, inadequate management access to information, reputational damage caused by failing solutions, and shortcomings in the information or privacy protection of the services. The views concerning the ten most common risks were quite similar across the different sectors of supervised entities.

The risks emphasised in the responses to the survey were of such a nature that supervised companies are able to have a major impact on them through their own decisions and strategic choices. Digitalisation naturally puts high demands on the management, security and integrity of information. 

For further information, please contact

Hanna Heiskanen, Senior Digitalisation Specialist, telephone +358 9 183 5202 or hanna.heiskanen(at)


Illustrations of the main results of the thematic review (in Finnish)