Developments in InternationalIT-SupervisionCBCS: Information Technology Service Management Seminar
Evert Koning, 18 November 2014
Agenda
1.Europe: ECB: SSM
2.World: ITSG
3.Other Supervisors
2
Banking Union: More than supervision
Objectives of Banking Union
– Break the link between Member States and their banks
– Improve cross-border supervision and confidence in banks
– Reduce financial risks to taxpayers
Three Pillars of Banking UnionThree Pillars of Banking Union
1. Single framework for supervision: Single Supervisory Mechanism (SSM)
2. Single framework for resolving banks: Single Resolution Mechanism (SRM)
3. Common system of deposit protection (DGS)
3
SSM entails close cooperation between ECB and national supervisors
– Scope SSM is prudential banking supervision (CRD IV/CRR)
– Participating Members States: euro area plus opt-in countries
– Participating national supervisors: one per participating Member State (NL: DNB)
– Bank significance determines cooperation form between ECB and national supervisors
SSM includes supervision of significant banks
– ±130 institutions, representing ± 85% overall balance sheet total
– ECB coordinates supervision through so-called Joint Supervisory Teams (one per bank)
Single Supervisory Mechanism in a nutshell (1)
–
– National supervisors participate in JST’s (capacity, local knowledge and expertise)
... and also supervision of less-significant banks
– ±6,000 institutions, representing ± 15% overall balance sheet total
– National supervisors in the lead; indirect supervision by ECB (ultimate responsibility)
– ECB can instruct national supervisors and assume the lead at any point in time
4
Single Supervisory Mechanism in a nutshell (2)
SSM foresees horizontal supervision across banks
• Supervision across banks (thematic/by expertise)
• New for NL: on-site supervision as a distinct supervisory function
SSM will introduce new supervisory methodology and processes SSM will introduce new supervisory methodology and processes
• DNB Focus! methodology replaced by SSM Risk Assessment System (RAS)
• DNB SREP-process replaced by SSM SREP-process
… and also new supervisory reporting frameworks
5
Sizeable implications for DNB as SSM supervisor
Governance: DNB cooperates within the SSM, rather than being the final decision-maker
Organisation: how to organize DNB optimally for cooperation within the SSM-context?
People: DNB supervisors go to Frankfurt, while supervisory activities in Amsterdam continue
Supervision within SSM: key changes (1)
New methodologies/processes for banking supervision
Data driven and more emphasis on Dataquality
New (joint) responsibility for supervision of foreign significant banks
6
Supervision within SSM: key changes (2)
Implications for banks
New supervisory approach for assessment of risks and risk mitigations
Supervisory reporting: more reporting, via national supervisors to ECB
Primary working language SSM will be English
New: supervisory fees levied by the ECB
Implications for ‘other’ supervisorsImplications for ‘other’ supervisors
Several supervisory responsibilities remain national
– Conduct-of-business supervision (NL: AFM)
– Prudential supervision on insurers and pension funds (NL: DNB)
– Anti-money laundering / combating terrorism financing
Where applicable, cooperation agreements need to be made with the SSM (Memoranda of
Understanding, MoU’s)
7
Governance SSM
8
Organisation SSM
9
Organisation Supervision DNB
Risicomanagementtoezicht
ING Bank
ABN AMRO
Rabobank
Toezicht Europese banken
Middelgrote banken
Kleine banken enbijkantoren
Beleggingsondernemingen
Toezicht nationaleintellingen
Interne modellenen
kredietrisico's
Financiële risico'sen
kapitaalinstrumenten
Operationele risico's
On-site toezicht enbancaire expertise
Thematisch toezichtintegriteit
Expertisecentrumintegriteitstrategie
Expertisecentrum
Toezicht horizontale functiesen integriteit
Internationaal overlegbanken
BankenKwantitatief beleid
Verzekeraars
ToezichtBeleid
Internationaleverzekeringsgroepen
Nationaleverzekeringsgroepen
Middelgrote verzekeraars
ToezichtVerzekeraars
Grote pensioenfondsen
Middelgrotepensioenfondsen
Kleine
ToezichtPensioenfondsen
Toezicht DNB
Rabobank
Binnenlandsesignificante banken
Buitenlandsesignificante banken
Beleggingsondernemingen
enbeleggingsinstellingen
Betaalinstellingenen
bijzondere projecten
Informatievoorzieningtoezicht
Operationele risico's
en datakwaliteit
IT risico's
Bedrijfsmodellenen
governance
Bedrijfsbureau banken
Expertisecentrum
governance, gedragen cultuur
Expertisecentruminterventie
en handhaving
Expertisecentrummarkttoegang
Expertisecentrumtoetsingen
Verzekeraars
Pensioenen
Algemeen Beleiden Governance
Strategie
Middelgrote verzekeraars
Zorgverzekeraars
Kleine verzekeraarsen procesondersteuning
Expertisecentrumfinanciële risico's
verzekeraars
Expertisecentrum kapitaal
Kleine
pensioeninstellingen enprocesondersteuning
Expertisecentrumfinanciële risico'spensioenfondsen
Expertisecentrumbedrijf en organisatie
On-site toezichtpensioenfondsenen verzekeraars
10
More Harmonisation 1
Key principles:1. Risk based approach (more detail -> high perceived risk).
Head of Mission (HoM) decides intensity2. Proportionality: To reflect nature, scale and complexity of
Credit Institution (CI)
Ultimate objective: assist inspectionsUltimate objective: assist inspections- Detect shortcomings in how CI’s manage their risks- Collect undeniable evidence on deficiencies- Enable JST to prepare solid recommendations
-> solve present problems-> prevent materialisation of emerging problems
11
More Harmonisation 2
Responsibilities:- JST: Supervision strategy -> Supervisory Evaluation Plan (SEP)- JST: To program on-site inspections in cooperation with ECB
Centralised On-site function- HoM: To determine how objectives (set by JST) will be achieved
Methodologies:Methodologies:- Guidance to inspection teams- Topics are non-exhaustive / professional judgement inspectors- Not static; updates by ECB Centralised on-site function
12
On-site inspection life cycle
13
Agenda
1.Europe: ECB: SSM
2.World: ITSG
3.Other Supervisors
14
What is ITSG?
A group which provides an informal platform forintensifying international co-operation and informationexchange on IT and specific IT risks between Heads of ITSupervision at Banking Regulators. The group will alsoprovide an opportunity for greater knowledge of thedifferent supervisory approaches, but will be mindful oflocal regulatory approaches and policies.
The group is not a policy making forum, but is available toprovide expert advice to international groups such asBasel and the Joint Forum.
15
ITSG
Objectives:
Exchanging information on technology risks andsupervisory practices
Establishing an international network for IT supervisors
Promoting efficiency and synergy through cross-bordersupervisory work
Facilitating sound practices in IT supervisionFacilitating sound practices in IT supervision
Facilitating cross-border incident management
16
ITSG
Activities
Annual conference for Heads of IT Supervision orrepresentatives with a focused and technical knowledge ofthe IT environment within banking institutions, especiallywith respect to IT security and continuity.
The conference will last several days with one or tworepresentatives from each supervisory organisation. It ishosted on a rotational basis.hosted on a rotational basis.
The agenda of the conference should cover IT topics/riskswhich are collected in advance by the participants.
Membership
Membership of the group is heads (or representatives) ofIT Supervisors examination departments within bankingand governmental regulatory organisations.
17
Current members
Americas: FDIC, FRB, OCC, Canada, Mexico
Europe: Norway, Sweden, UK, Germany,Netherlands, Luxemburg, Belgium, Spain, Italy,France, Greece
Asia: Australia, Singapore, Hong Kong, China, Japan,Malaysia, South Korea
18
The conferences
2002 Amsterdam
2004 San Antonio
2005 London
2006 Hong Kong
2007 Toronto
2008 Rome2008 Rome
2009 Washington
2010 Sydney
2011 Mexico city
2012 Singapore
2013 Beijing
2014 Frankfurt
19
New entrants
New Membership Admission Criteria:
Sponsorship by a permanent member
2 times present as an observer
Add value to the Group
Enhances the diversity of the ITSG coverage
Large/international financial institutions
presenter, active group member and a future host
20
Some important topics
Security/Cybercrime
Cloud computing
Outsourcing/Offshoring
BCM/Pandemic/Resilience
Mobile and internet paymentsMobile and internet payments
Card fraudes
Incidents
Peer reviews
21
Agenda
1.Europe: ECB: SSM
2.World: ITSG
3.Other Supervisors
22
Other Supervisors
USA: FFIEC
Europe: EBA
Europe: Secure Pay ForumEurope: Secure Pay Forum
Asia: SEACEN
23
Background Information:
www.dnb.nl
www.afm.nl
www.bis.org
www.ecb.int/home
www.c-ebs.org
www.federalreserve.gov
www.ffiec.gov
www.ecb.europa.eu/ssm
24
Questions?
Evert KoningOperational Risks & Data quality
Telephone: +31 20 524 2428Mobile: +31 6 524 96 399E-mail: : [email protected]
25