The European Banking Authority (EBA) published the conclusion of its peer review of how competent authorities supervise institutions’ ICT risk management and have implemented the EBA Guidelines on ICT risk assessment under the supervisory review and evaluation process (SREP). Overall, the analysis suggests that the competent authorities across the EU have applied a risk-based approach to the supervision of ICT risk management. The EBA has not identified any significant concerns regarding the supervisory practices but makes some general recommendations for further improvements.
