Duration

4 days

Application deadline

1 August 2025

Objective

As the digital transformation progresses, information technology is becoming ever more important to the functioning of banks. At the same time, however, these technologies bear great risks and potential for abuse, both internal and external. Supervisors need to focus their attention on the risks associated with the use of information technology.

This course gives an overview of current practices in IT supervision at banks from both a regulatory and a practical perspective. The course content will cover the general EU framework and its transposition into German law and supervisory practices. The sessions will discuss typical IT issues that banks face, shed light on the assessment techniques used by supervisors in their review and evaluation process (SREP) and in on-site inspections, and highlight specific IT problems.

Participants are expected to make an active contribution in this course, e.g. by presenting and discussing typical challenges and experiences faced in their own national IT supervision.

Content

• Overview of the European and German banking supervision systems as well as laws and regulations for IT supervision
• Introduction to IT security and IT supervision
• Minimum Requirements for Risk Management with a focus on IT and outsourcing requirements
• Setting up an on-site inspection for IT and typical findings in Germany
• Deep dive on selected topics (e.g. user access rights, application development, outsourcing management, penetration testing, DORA)
• Gathering off-site information for the supervisory review and evaluation process for IT (IT SREP)
• Group work, e.g. on evaluating an on-site inspection report for IT

Target group

Policymakers in banking supervision, on-site and off-site supervisors, IT auditors. Participants should have at least an intermediate understanding of banking supervision and ICT.