European regulators have said banks need to tighten up their governance over IT outsourcing partners. There have been too many outages and security breaches for action not to be taken.
The call comes from the Joint Committee of the European Supervisory Authorities (JCESA), which in turn represents the European Banking Authority, European Securities and Markets Authority and European Insurance and Occupational Pensions Authority. As reported on the Out-Law site, probably the most damning thing about the report is the suggestion that the banks don’t actually realise the risks they face.
The report says banks need professional security risk assessment and help, and highlights that lowered profits have made them less inclined to invest. However, it calls for safeguards against budgetary pressures in the light of increased risk from cybercrime.
The report points to a number of security incidents that have actually happened and suggests that, although action has been taken, it may not be the right action as such. Regulators themselves must improve their knowledge of what’s going on and what’s likely to hit the banks, and there needs to be better cross-border co-operation within Europe – yes, we’d assumed that was already happening, too.
The implications for outsourcing partners are clear. Communication is everything and, assuming the banks respond to the report adequately, there will be some better-informed communication to which you’ll need to respond.
Which is in everybody’s interests in the end – it’s just that it might make working in the financial sector a little stickier in the short term.