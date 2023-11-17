ECB warns banks: regulate your IT systems. Don’t undermine the system

Banks lose millions of euros due to poorly done Information Technology outsourcing. This is what the Bank said on Wednesday Central European conducted a survey of the banks it supervises this year and has also carried out 22 inspections since 2020. This is to understand how credit institutions have prepared to face risks, the actions of hackers, the aging systems of technological devices and the presence of inadequate external contractors.

To the banks of the euro area, the current condition of difficulty cost 148 million euros ($160.59 million) in 2022, a 360% increase from the previous yearfollowing the “unavailability or poor quality of outsourced services”.

The causes are often associated with the behavior of external technology contractors who promise performance that they then fail to deliver. In essence, the credit sector deals with IT risks inadequately. Banks, the Reuters news agency also explained, are making increasingly massive use of outsourcing and are therefore moving from storing data on their internal servers to cloud-based services. In 2022, the choice meant that overall cloud expenses incurred increased by 56%, representing 3.1% of all the money spent by banks on IT. Exponential growth.

We are in a position where many institutions would not even have been able to identify the potential risks they face. With the effect that the ECB asked them to adapt their parameters and adopt immediate security measures, with particular focus addressed to the supervised banks. Outsourcing, the effect of externalization, is a notoriously difficult activity to control, we are putting our data in the hands of someone else. If in the majority of cases these processes take place with effective structures there would also be problems more complex ones that loom over the institutes and that emerge during construction, which must be responded to.

The ECB stressed that these setbacks were isolated incidents within specific institutions rather than indicative of a broader sectoral trend. However, he also reported that banks often have failed to adequately meet IT security requirements as part of their outsourcing arrangements. This warning from the ECB points to the critical need for eurozone banks to be more aggressive in strengthening their cybersecurity measures and exercise rigorous oversight over commitments made by external technology contractors. Otherwise, in addition to the economic risk and losses, the very stability of the sector and its reliability are called into question.

Subscribe to the newsletter