Developments in International IT-Supervision
CBCS: Information Technology Service Management Seminar
Evert Koning, 18 November 2014

Agenda
1. Europe: ECB: SSM
2. World: ITSG
3. Other Supervisors

Banking Union: More than supervision
Objectives of Banking Union
- Break the link between Member States and their banks
- Improve cross-border supervision and confidence in banks
- Reduce financial risks to taxpayers
Three Pillars of Banking Union
1. Single framework for supervision: Single Supervisory Mechanism (SSM)
2. Single framework for resolving banks: Single Resolution Mechanism (SRM)
3. Common system of deposit protection (DGS)

Single Supervisory Mechanism in a nutshell (1)
SSM entails close cooperation between ECB and national supervisors
- Scope SSM is prudential banking supervision (CRD IV/CRR)
- Participating Member States: euro area plus opt-in countries
- Participating national supervisors: one per participating Member State (NL: DNB)
- Bank significance determines cooperation form between ECB and national supervisors
SSM includes supervision of significant banks
- ±130 institutions, representing ±85% overall balance sheet total
- ECB coordinates supervision through so-called Joint Supervisory Teams (one per bank)
- National supervisors participate in JSTs (capacity, local knowledge and expertise)
... and also supervision of less-significant banks
- ±6,000 institutions, representing ±15% overall balance sheet total
- National supervisors in the lead; indirect supervision by ECB (ultimate responsibility)
- ECB can instruct national supervisors and assume the lead at any point in time

Single Supervisory Mechanism in a nutshell (2)
SSM foresees horizontal supervision across banks
- Supervision across banks (thematic/by expertise)
- New for NL: on-site supervision as a distinct supervisory function
SSM will introduce new supervisory methodology and processes
- DNB Focus! methodology replaced by SSM Risk Assessment System (RAS)
- DNB SREP-process replaced by SSM SREP-process
... and also new supervisory reporting frameworks

Supervision within SSM: key changes (1)
Sizeable implications for DNB as SSM supervisor
- Governance: DNB cooperates within the SSM, rather than being the final decision-maker
- Organisation: how to organize DNB optimally for cooperation within the SSM-context?
- People: DNB supervisors go to Frankfurt, while supervisory activities in Amsterdam continue
- New methodologies/processes for banking supervision
- Data driven and more emphasis on data quality
- New (joint) responsibility for supervision of foreign significant banks

Supervision within SSM: key changes (2)
Implications for banks
- New supervisory approach for assessment of risks and risk mitigations
- Supervisory reporting: more reporting, via national supervisors to ECB
- Primary working language SSM will be English
- New: supervisory fees levied by the ECB
Implications for other supervisors
- Several supervisory responsibilities remain national
  - Conduct-of-business supervision (NL: AFM)
  - Prudential supervision on insurers and pension funds (NL: DNB)
  - Anti-money laundering / combating terrorism financing
- Where applicable, cooperation agreements need to be made with the SSM (Memoranda of Understanding, MoUs)

Governance SSM

Organisation SSM

Organisation Supervision DNB
- DNB Supervision
- Supervision risk management
- Supervision of European banks
- Supervision of national institutions
- On-site supervision and banking expertise
- Supervision of horizontal functions and integrity
- Supervision policy
- Supervision of insurers
- Supervision of pension funds
- ING Bank
- Medium-sized banks
- Internal models and credit risks
- Thematic integrity supervision
- International consultation banks
- International insurance groups
- Large pension funds
- ABN AMRO
- Small banks and branch offices
- Financial risks and capital instruments
- Expertise centre integrity strategy
- Banks
- Quantitative policy
- National insurance groups
- Medium-sized pension funds
- Rabobank
- Investment firms and investment institutions
- Operational risks and data quality
- Expertise centre governance, behaviour and culture
- Insurers
- Medium-sized insurers
- Small pension institutions and process support
- Domestic significant banks
- Payment institutions and special projects
- IT risks
- Expertise centre intervention and enforcement
- Pensions
- Health insurers
- Expertise centre financial risks pension funds
- Foreign significant banks
- Supervisory information provision
- Business models and governance
- Expertise centre market access
- General policy and governance
- Small insurers and process support
- Expertise centre business and organisation
- Business office banks
- Expertise centre assessments
- Strategy
- Expertise centre financial risks insurers
- On-site supervision of pension funds and insurers
- Expertise centre capital

More Harmonisation 1
Key principles:
1. Risk based approach (more detail -> high perceived risk). Head of Mission (HoM) decides intensity
2. Proportionality: To reflect nature, scale and complexity of Credit Institution (CI)
Ultimate objective: assist inspections
- Detect shortcomings in how CIs manage their risks
- Collect undeniable evidence on deficiencies
- Enable JST to prepare solid recommendations
  -> solve present problems
  -> prevent materialisation of emerging problems

More Harmonisation 2
Responsibilities:
- JST: Supervision strategy -> Supervisory Evaluation Plan (SEP)
- JST: To program on-site inspections in cooperation with ECB Centralised On-site function
- HoM: To determine how objectives (set by JST) will be achieved
Methodologies:
- Guidance to inspection teams
- Topics are non-exhaustive / professional judgement inspectors
- Not static; updates by ECB Centralised on-site function

On-site inspection life cycle

Agenda
1. Europe: ECB: SSM
2. World: ITSG
3. Other Supervisors

What is ITSG?
A group which provides an informal platform for intensifying international co-operation and information exchange on IT and specific IT risks between Heads of IT Supervision at Banking Regulators. The group will also provide an opportunity for greater knowledge of the different supervisory approaches, but will be mindful of local regulatory approaches and policies. The group is not a policy making forum, but is available to provide expert advice to international groups such as Basel and the Joint Forum.

ITSG Objectives:
- Exchanging information on technology risks and supervisory practices
- Establishing an international network for IT supervisors
- Promoting efficiency and synergy through cross-border supervisory work
- Facilitating sound practices in IT supervision
- Facilitating cross-border incident management

ITSG Activities
Annual conference for Heads of IT Supervision or representatives with a focused and technical knowledge of the IT environment within banking institutions, especially with respect to IT security and continuity. The conference will last several days with one or two representatives from each supervisory organisation. It is hosted on a rotational basis. The agenda of the conference should cover IT topics/risks which are collected in advance by the participants.
Membership
Membership of the group is heads (or representatives) of IT Supervisors examination departments within banking and governmental regulatory organisations.

Current members
- Americas: FDIC, FRB, OCC, Canada, Mexico
- Europe: Norway, Sweden, UK, Germany, Netherlands, Luxembourg, Belgium, Spain, Italy, France, Greece
- Asia: Australia, Singapore, Hong Kong, China, Japan, Malaysia, South Korea

The conferences
- 2002 Amsterdam
- 2004 San Antonio
- 2005 London
- 2006 Hong Kong
- 2007 Toronto
- 2008 Rome
- 2009 Washington
- 2010 Sydney
- 2011 Mexico City
- 2012 Singapore
- 2013 Beijing
- 2014 Frankfurt

New entrants
New Membership Admission Criteria:
- Sponsorship by a permanent member
- 2 times present as an observer
- Add value to the Group
- Enhances the diversity of the ITSG coverage
- Large/international financial institutions
- presenter, active group member and a future host

Some important topics
- Security/Cybercrime
- Cloud computing
- Outsourcing/Offshoring
- BCM/Pandemic/Resilience
- Mobile and internet payments
- Card fraud
- Incidents
- Peer reviews

Agenda
1. Europe: ECB: SSM
2. World: ITSG
3. Other Supervisors

Other Supervisors
- USA: FFIEC
- Europe: EBA
- Europe: Secure Pay Forum
- Asia: SEACEN

Background Information:
- www.dnb.nl
- www.afm.nl
- www.bis.org
- www.ecb.int/home
- www.c-ebs.org
- www.federalreserve.gov
- www.ffiec.gov
- www.ecb.europa.eu/ssm

Questions?
Evert Koning
Operational Risks & Data quality
Telephone: +31 20 524 2428
Mobile: +31 6 524 96 399
E-mail: e.koning@dnb.nl