Outdated browser

You are using an outdated browser. DNB.nl works best with:

Announcement: IT risk self-assessment

News item supervision

Published: 26 April 2022

Iemand bij de hardware van een grote computer

The 2021 supervisory agenda includes an IT self-assessment for payment institutions and electronic money institutions. The purpose of this assessment is to obtain an up-to-date overview of institutions’ management of IT risks. The questionnaire, explanatory notes and information about the deadline will be made available to the participating institutions at the beginning of June.

Compared to last year, we have made some changes to the format of this self-assessment. This year, institutions can also use existing independent audit reports to demonstrate their adequate management of IT risks. The questionnaire is also better aligned with the EBA Guidelines on ICT and security risk management (EBA/GL/2019/04) and outsourcing (EBA/GL/2019/02). We discussed the changes to the format to improve the clarity of the assessment with a number of institutions.

Not all licensed institutions will have to complete this self-assessment: institutions that recently obtained their license or were recently subjected to a more in-depth IT examination will not be asked to participate.

We will share the key observations from the assessment with the sector in the second half of this year.

Discover related articles