• In an environment of increasing interconnectedness and complexity in the chain of actors providing financial services, wherein ICT and Cyber security are fundamental in preserving the integrity of systems and data, the EBF welcomes the initiative of EBA to provide guidance for an enhanced resilience of the financial ecosystem, creating at the same time a level playing field for all entities involved.
• It is important for the Guidelines to combine clarity with a degree of flexibility, so as to accommodate internal organisation variations within financial institutions and avoid being too prescriptive (e.g. as to the content of the three lines of defence).
• The EBF proposes that it would be helpful for EBA to make an addition in Section 3 “Background and rationale” about how they envisage the supervision of the implementation of the Guidelines (e.g. possible role for the NCAs).
• The EBF believes that a risk-based approach should be adopted in these Guidelines, especially when controls are mentioned.
• Harmonisation of regulatory requirements is a standing request of the European banking sector so as to facilitate compliance and avoid duplication and overlapping. Therefore, it is proposed that these draft Guidelines are linked, where relevant, to European and international practices/requirements/standards already in place.
For specific comments on all proposals put forward in this consultation paper, please refer to the attached EBF response.