Basel Committee publishes report on ICT risk management

The Basel Committee on Banking Supervision has published a report outlining a range of ICT (Information and Communication Technology) risk management practices observed across different jurisdictions, with a particular focus on managing non-malicious ICT incidents.

ICT risk management remains a critical element of operational risk management and plays an essential role in supporting banks’ operational resilience. As financial services become increasingly digitalised, the ability of banks to withstand and recover from ICT disruptions has become more important than ever.

The report complements the Committee’s earlier work on cyber resilience by focusing specifically on non-malicious ICT incidents that may disrupt critical banking operations and services. It provides an overview of supervisory approaches and industry practices observed across jurisdictions, offering valuable reference points for both banks and supervisory authorities when enhancing their ICT risk management frameworks.

According to the Basel Committee, the report is intended to support the ongoing development of effective ICT risk management practices while recognising that approaches should be tailored to the specific circumstances of individual institutions and jurisdictions.

The Committee also confirmed that it will continue monitoring developments related to the digitalisation of finance and financial innovation from a prudential perspective, including the growing use of artificial intelligence and its potential implications for banks’ cyber security and operational resilience.