Developments in InternationalIT-SupervisionCBCS: Information Technology Service Management Seminar

Evert Koning, 18 November 2014

Agenda

1.Europe: ECB: SSM

2.World: ITSG

3.Other Supervisors

2

Banking Union: More than supervision

Objectives of Banking Union

– Break the link between Member States and their banks

– Improve cross-border supervision and confidence in banks

– Reduce financial risks to taxpayers

Three Pillars of Banking UnionThree Pillars of Banking Union

1. Single framework for supervision: Single Supervisory Mechanism (SSM)

2. Single framework for resolving banks: Single Resolution Mechanism (SRM)

3. Common system of deposit protection (DGS)

3

SSM entails close cooperation between ECB and national supervisors

– Scope SSM is prudential banking supervision (CRD IV/CRR)

– Participating Members States: euro area plus opt-in countries

– Participating national supervisors: one per participating Member State (NL: DNB)

– Bank significance determines cooperation form between ECB and national supervisors

SSM includes supervision of significant banks

– ±130 institutions, representing ± 85% overall balance sheet total

– ECB coordinates supervision through so-called Joint Supervisory Teams (one per bank)

Single Supervisory Mechanism in a nutshell (1)

–

– National supervisors participate in JST’s (capacity, local knowledge and expertise)

... and also supervision of less-significant banks

– ±6,000 institutions, representing ± 15% overall balance sheet total

– National supervisors in the lead; indirect supervision by ECB (ultimate responsibility)

– ECB can instruct national supervisors and assume the lead at any point in time

4

Single Supervisory Mechanism in a nutshell (2)

SSM foresees horizontal supervision across banks

• Supervision across banks (thematic/by expertise)

• New for NL: on-site supervision as a distinct supervisory function

SSM will introduce new supervisory methodology and processes SSM will introduce new supervisory methodology and processes

• DNB Focus! methodology replaced by SSM Risk Assessment System (RAS)

• DNB SREP-process replaced by SSM SREP-process

… and also new supervisory reporting frameworks

5

Sizeable implications for DNB as SSM supervisor

Governance: DNB cooperates within the SSM, rather than being the final decision-maker

Organisation: how to organize DNB optimally for cooperation within the SSM-context?

People: DNB supervisors go to Frankfurt, while supervisory activities in Amsterdam continue

Supervision within SSM: key changes (1)

New methodologies/processes for banking supervision

Data driven and more emphasis on Dataquality

New (joint) responsibility for supervision of foreign significant banks

6

Supervision within SSM: key changes (2)

Implications for banks

New supervisory approach for assessment of risks and risk mitigations

Supervisory reporting: more reporting, via national supervisors to ECB

Primary working language SSM will be English

New: supervisory fees levied by the ECB

Implications for ‘other’ supervisorsImplications for ‘other’ supervisors

Several supervisory responsibilities remain national

– Conduct-of-business supervision (NL: AFM)

– Prudential supervision on insurers and pension funds (NL: DNB)

– Anti-money laundering / combating terrorism financing

Where applicable, cooperation agreements need to be made with the SSM (Memoranda of

Understanding, MoU’s)

7

Governance SSM

8

Organisation SSM

9

Organisation Supervision DNB

Risicomanagementtoezicht

ING Bank

ABN AMRO

Rabobank

Toezicht Europese banken

Middelgrote banken

Kleine banken enbijkantoren

Beleggingsondernemingen

Toezicht nationaleintellingen

Interne modellenen

kredietrisico's

Financiële risico'sen

kapitaalinstrumenten

Operationele risico's

On-site toezicht enbancaire expertise

Thematisch toezichtintegriteit

Expertisecentrumintegriteitstrategie

Expertisecentrum

Toezicht horizontale functiesen integriteit

Internationaal overlegbanken

BankenKwantitatief beleid

Verzekeraars

ToezichtBeleid

Internationaleverzekeringsgroepen

Nationaleverzekeringsgroepen

Middelgrote verzekeraars

ToezichtVerzekeraars

Grote pensioenfondsen

Middelgrotepensioenfondsen

Kleine

ToezichtPensioenfondsen

Toezicht DNB

Rabobank

Binnenlandsesignificante banken

Buitenlandsesignificante banken

Beleggingsondernemingen

enbeleggingsinstellingen

Betaalinstellingenen

bijzondere projecten

Informatievoorzieningtoezicht

Operationele risico's

en datakwaliteit

IT risico's

Bedrijfsmodellenen

governance

Bedrijfsbureau banken

Expertisecentrum

governance, gedragen cultuur

Expertisecentruminterventie

en handhaving

Expertisecentrummarkttoegang

Expertisecentrumtoetsingen

Verzekeraars

Pensioenen

Algemeen Beleiden Governance

Strategie

Middelgrote verzekeraars

Zorgverzekeraars

Kleine verzekeraarsen procesondersteuning

Expertisecentrumfinanciële risico's

verzekeraars

Expertisecentrum kapitaal

Kleine

pensioeninstellingen enprocesondersteuning

Expertisecentrumfinanciële risico'spensioenfondsen

Expertisecentrumbedrijf en organisatie

On-site toezichtpensioenfondsenen verzekeraars

10

More Harmonisation 1

Key principles:1. Risk based approach (more detail -> high perceived risk).

Head of Mission (HoM) decides intensity2. Proportionality: To reflect nature, scale and complexity of

Credit Institution (CI)

Ultimate objective: assist inspectionsUltimate objective: assist inspections- Detect shortcomings in how CI’s manage their risks- Collect undeniable evidence on deficiencies- Enable JST to prepare solid recommendations

-> solve present problems-> prevent materialisation of emerging problems

11

More Harmonisation 2

Responsibilities:- JST: Supervision strategy -> Supervisory Evaluation Plan (SEP)- JST: To program on-site inspections in cooperation with ECB

Centralised On-site function- HoM: To determine how objectives (set by JST) will be achieved

Methodologies:Methodologies:- Guidance to inspection teams- Topics are non-exhaustive / professional judgement inspectors- Not static; updates by ECB Centralised on-site function

12

On-site inspection life cycle

13

Agenda

1.Europe: ECB: SSM

2.World: ITSG

3.Other Supervisors

14

What is ITSG?

A group which provides an informal platform forintensifying international co-operation and informationexchange on IT and specific IT risks between Heads of ITSupervision at Banking Regulators. The group will alsoprovide an opportunity for greater knowledge of thedifferent supervisory approaches, but will be mindful oflocal regulatory approaches and policies.

The group is not a policy making forum, but is available toprovide expert advice to international groups such asBasel and the Joint Forum.

15

ITSG

Objectives:

Exchanging information on technology risks andsupervisory practices

Establishing an international network for IT supervisors

Promoting efficiency and synergy through cross-bordersupervisory work

Facilitating sound practices in IT supervisionFacilitating sound practices in IT supervision

Facilitating cross-border incident management

16

ITSG

Activities

Annual conference for Heads of IT Supervision orrepresentatives with a focused and technical knowledge ofthe IT environment within banking institutions, especiallywith respect to IT security and continuity.

The conference will last several days with one or tworepresentatives from each supervisory organisation. It ishosted on a rotational basis.hosted on a rotational basis.

The agenda of the conference should cover IT topics/riskswhich are collected in advance by the participants.

Membership

Membership of the group is heads (or representatives) ofIT Supervisors examination departments within bankingand governmental regulatory organisations.

17

Current members

Americas: FDIC, FRB, OCC, Canada, Mexico

Europe: Norway, Sweden, UK, Germany,Netherlands, Luxemburg, Belgium, Spain, Italy,France, Greece

Asia: Australia, Singapore, Hong Kong, China, Japan,Malaysia, South Korea

18

The conferences

2002 Amsterdam

2004 San Antonio

2005 London

2006 Hong Kong

2007 Toronto

2008 Rome2008 Rome

2009 Washington

2010 Sydney

2011 Mexico city

2012 Singapore

2013 Beijing

2014 Frankfurt

19

New entrants

New Membership Admission Criteria:

Sponsorship by a permanent member

2 times present as an observer

Add value to the Group

Enhances the diversity of the ITSG coverage

Large/international financial institutions

presenter, active group member and a future host

20

Some important topics

Security/Cybercrime

Cloud computing

Outsourcing/Offshoring

BCM/Pandemic/Resilience

Mobile and internet paymentsMobile and internet payments

Card fraudes

Incidents

Peer reviews

21

Agenda

1.Europe: ECB: SSM

2.World: ITSG

3.Other Supervisors

22

Other Supervisors

USA: FFIEC

Europe: EBA

Europe: Secure Pay ForumEurope: Secure Pay Forum

Asia: SEACEN

23

Background Information:

www.dnb.nl

www.afm.nl

www.bis.org

www.ecb.int/home

www.c-ebs.org

www.federalreserve.gov

www.ffiec.gov

www.ecb.europa.eu/ssm

24

Questions?

Evert KoningOperational Risks & Data quality

Telephone: +31 20 524 2428Mobile: +31 6 524 96 399E-mail: : e.koning@DNB.NL

25