In its latest assessment of the European banking system, the European Banking Association (EBA) highlights the threat posed by technological advances, outsourcing and data protection.
The EBA issued a risk assessment questionnaire to its members and says the results show operational risks remain an area of concern given the challenges EU banks have to face with the rapid development of financial technologies. Based on the questionnaire results, 55 % of respondents foresee an increase in operational risk in their bank compared to 43 % in December 2016 and 35 % in December 2015.
“Most EU banks are still taking steps to address the weaknesses stemming from technology-driven evolution,” EBA says.
Within types of operational risk, cyber risks and data security issues were identified as key drivers. A high and growing reliance of banking operations on IT platforms, digitalised product channels for banking services, outsourcing to third-party providers of IT-related tasks and functions, and communication networks renders banks vulnerable to operational risks.
Accordingly, 42 % of respondents identify cyber risk and data security as the main drivers for increasing operational risk, while 16 % of respondents mention IT failures as an additional driver.
Operational risks stemming from non-compliance with regulatory initiatives are another factor mentioned by 24 % of respondents. For example, EBA says, banks can be unable to fully comply with the principles for effective risk data aggregation and risk reporting, particularly in terms of data availability, quality and reliability as well as data governance.
“With the increased digitalisation of banking, services moving online and financial institutions becoming more interconnected and dependent on computer networks, an insufficient level of protection against cyber incidents and a failure of critical IT infrastructure could lead to major damages into individual financial institutions and potentially to the entire financial system,” EBA says in the report.
On outsourcing the EBA states, “Increased reliance on the service provider regarding the outsourced activities, in particular with regards to critical activities, may impact on the ability of institutions to manage their risks such as strategic, reputational, compliance and operational risk. In addition, the concentration of outsourcing providers and underlying technical infrastructures could also lead to an increased
systemic risk. Therefore all these underlying risks should be mitigated adequately by
banks and embedded in a sound and efficient risk management policy.”