Comments on the consultation "EBA draft Guidelines on ICT and security risk management, EBA/CP/2019/15, 13 December 2018"
The Swedish Saving Banks Association supports the proposed Guidelines, but is of the opinion that Chapter 4.1 Proportionality should contain more precise rules on how proportionality should be interpreted, with thresholds for when the rules are applicable to institutions based on their size, their internal organization, and the nature, scope, complexity and riskiness of the services and products that the financial institutions provide or intend to provide. The thresholds should be quantitative and simple to apply to the institutions; compare EBA/GL/2017/10, page 10, thresholds for reporting incidents according to PSD2. For our members the clarification should be of great help for understanding the regulation and also for compliance with the regulation. It should also help the FSA in its supervision.
Stockholm, 6 March 2019
SWEDISH SAVING BANKS ASSOCIATION
Ewa Andersen, CEO and Jan Hedqvist