Basel Committee publishes report on information and communication technology risk management

• The Basel Committee has published a report describing a range of observed information and communication technology (ICT) risk management practices across jurisdictions to address non-malicious ICT incidents.
• ICT is a key component of operational risk management, playing a vital role in supporting the broader goal of achieving operational resilience.
• The Committee will continue to monitor developments related to the digitalisation of finance and financial technology from a prudential perspective.

The Basel Committee on Banking Supervision today published a range of practices report on information and communication technology (ICT) risk management. ICT is a key component of operational risk management, playing a vital role in supporting the broader goal of achieving operational resilience. Banks operational resilience to ICT incidents has become increasingly important in an evolving and digitalised technology landscape.

This range of practices report on ICT risk management complements the Basel Committee's report on cyber resilience by concentrating specifically on non-malicious ICT incidents in banks that affect the delivery of critical operations and services. This report aims to identify, describe and compare observed bank ICT risk management practices and regulatory and supervisory approaches across jurisdictions. The practices documented may serve as reference points for banks and supervisory authorities to adapt and develop ICT risk management practices that are most appropriate for their specific circumstances.

The Committee will continue to monitor developments and exchange supervisory insights related to the digitalisation of finance and financial technology from a prudential perspective, including developments in artificial intelligence  models and the implications for banks cyber security.