DNB & the AFM jointly inform you about the state of affairs regarding the European sanctions against Russia. This news item only relates to new sanctions and/or changes to existing sanctions regimes concerning the situation in Ukraine.Read more
Announcement: IT risk self-assessment
The 2021 supervisory agenda includes an IT self-assessment for payment institutions and electronic money institutions. The purpose of this assessment is to obtain an up-to-date overview of institutions’ management of IT risks. The questionnaire, explanatory notes and information about the deadline will be made available to the participating institutions at the beginning of June.
Compared to last year, we have made some changes to the format of this self-assessment. This year, institutions can also use existing independent audit reports to demonstrate their adequate management of IT risks. The questionnaire is also better aligned with the EBA Guidelines on ICT and security risk management (EBA/GL/2019/04) and outsourcing (EBA/GL/2019/02). We discussed the changes to the format to improve the clarity of the assessment with a number of institutions.
Not all licensed institutions will have to complete this self-assessment: institutions that recently obtained their license or were recently subjected to a more in-depth IT examination will not be asked to participate.
We will share the key observations from the assessment with the sector in the second half of this year.
- Payment institutions