Finantsinspektsioon is directing banks to minimise their IT risks

03/11/2022

Finantsinspektsioon is drawing the attention of smaller banks to the need to minimise their IT risks at a time when the number of attacks aimed at them has multiplied and there are heightened IT risks throughout the world. The analysis done for Finantsinspektsioon shows that the IT risks of small banks in Estonia are similar to those of large European banks, and the measures taken to minimise those risks are at least as effective. Finantsinspektsioon only analysed the IT risks at small banks, and a similar analysis was carried out for the large banks in Estonia by the European Central Bank.

The number of cyber attacks aimed at small banks or their service providers was around three times as high in 2021 as it was in the previous year. The danger of an attack against the banks themselves or the systems of key service providers that could seriously affect the operation of their services remains high in consequence of the war that started in 2022 between Russia and Ukraine. Information sent to Finantsinspektsioon shows that small banks consider the risks associated with outsourcing IT activities to be greater than the average. The more small banks use external partners for their IT activities, the greater the risk. As the banks in Estonia mainly provide services through e-channels, the risks around the continuity of e-channels are higher than the average. Several software companies gave warning of security weaknesses in some widely used software last year, and the banks had to react quickly and take all the necessary measures to avoid the associated risks.

IT risk is one of the most important risks for banks, as most of the processes in the banks depend on technological solutions operating reliably and securely The banks work in an environment where the expectations of clients are constantly increasing, while the IT landscape and the rules governing it are constantly developing and being updated. The complexity of the IT environment and the number of different cyber attacks are leading to high expectations for the cyber security of the banks.

Finantsinspektsioon regularly analyses the level of IT risk at the small banks and the change in it, and the effectiveness of measures taken and any possible shortfalls in them. The small banks are Inbank, LHV Pank, Coop Pank, TBB pank, Bigbank, and Holm Bank. These are the banks that fall under direct supervision by Finantsinspektsioon. The IT risks are similar for the small banks and the large banks in Estonia.

More news

1204.24

Finantsinspektsioon held a joint seminar with the Securities and Exchange Commission

Finantsinspektsioon held a seminar on 8-12 April with experts from the US Securities and Exchange Commission (SEC) that discussed the best practices in market oversight and securities enforcement, including investor protection and practical exercises, together with training on investigating marke

1503.24

Scam emails are being sent out in the name of Finantsinspektsioon

Scam emails are being sent out in the name of Kilvar Kessler, head of Finantsinspektsioon, from an address ending @ee-fi.com. The emails are frauds, and Finantsinspektsioon urges people to be vigilant and not to open such emails.

0403.24

There have been problems with access to everyday banking services says Kilvar Kessler

Basic payment services should be available even if providing those services does not bring significant income to the banks said chair of the Finantsinspektsioon board Kilvar Kessler today at an information seminar organised for banks and bank branches.

0403.24

Kilvar Kessler tells a conference that Finantsinspektsioon is increasing the resilience of the financial sector

Tensions in international relations have led Finantsinspektsioon to pay more attention than previously to the operation of vital financial services during a crisis said chair of the Finantsinspektsioon board Kilvar Kessler at a conference on economic security on Tuesday.