Results of the Banking Supervision Department’s examination of the technological risk governance regime in the banking system

  • Technological risks are a focus of the Banking Supervision Department’s attention, as with leading regulators around the world. In recent years, a broad agreement has developed that these risks are trending upward.
  • The Banking Supervision Department is responding to concern over the increasing technological risks through a variety of means, including examinations, in parallel with the promotion of innovation and technology in a variety of areas of banking activity.
  • The examination that the Banking Supervision Department carried out in the past year examined the quality of the technological risk governance, the framework for managing and controlling risks, and the resources dedicated to their management, among other things.
  • Through this process, the Banking Supervision Department has identified a significant effort on the part of the banking system to manage technological risks, including cyber risks.  There are many organizational units operating within the banks in the area of risk management and control. However, there are areas that require improvement and strengthening, and each bank has received specific requirements related to its situation. 

For example:

o   To continue strengthening the Board of Directors’ technological understanding.

o   To make sure that technological risk components are fully identified and assessed, including the reliability and completeness of data (data integrity risk) and the risk in managing changes (IT change risk), the application of new technologies and strategic technological projects that the banks are carrying out.

o   To strengthen the supervision and monitoring of strategic projects that involve not only the application of new technology, but also changes in processes and in the organizational structure.  The complexity of these projects makes it necessary to manage them in accordance with a clear methodology, with the guidance of the independent risk management function, real-time examinations by the internal audit, and supervision by the Board of Directors.

o   Requirements to strengthen the independent risk management function in the field of technological risks.

 

Supervisor of Banks Yair Avidan said: “Technology is a necessary condition of banks’ ability to develop and provide a variety of competitive services and products, which give value to the customers and to the public as a whole.  At the same time, the application of technology naturally involves significant risks. In order to achieve sustainable positive results that optimally balance the advantages of technology and the minimization of risk, the banks must ensure a high level of governance in risk management. The broad examination process is mainly intended to ensure that the requirement of three lines of effective defense is met and that there is significant Board of Directors supervision, thereby strengthening corporate governance in managing the risk.”