ACPR discussion paper on managing and processing IT risk

France’s Prudential Supervision and Resolution Authority, the ACPR, published a remarkable paper in March this year looking at the management and processing of IT risk by credit institutions.

The paper was produced in the context of the banking regulator’s expectations for Monaco-based credit institutions outlined in June 2017, when Mr Visnovsky, Deputy Secretary General of the ACPR, indicated that cybersecurity represented a major risk for Monegasque credit institutions.

Drafted by the ACPR’s own IT risk experts, the paper defines IT risk as being part of operational risk. It also categorises IT risks according to their specific nature, and finally recommends best practices for each IT risk type defined, to ensure it is managed effectively.

Although the paper has no legally binding value, it nonetheless provides a comprehensive, practical study that can be used by Monegasque credit institutions to assess their IT risk prevention and management systems.