A joint initiative by the American Bankers Association and the Financial Services Coordinating Council supports expanding cloud deployment while aiming to mitigate associated risks. Published July 29, 2025, the ABA Banking Journal outlines collaboration among federal regulators, banks and major cloud providers (AWS, Microsoft Azure, Google Cloud, IBM). It highlights key risks—such as CSP‑related operational incidents, misconfigurations under shared‑responsibility models, monitoring gaps, tool and talent deficiencies, and market concentration. The article details a voluntary 16‑section reference tool covering audit, supply‑chain risk, contractual provisions, operational resilience and more. It aims to enhance transparency, cyber‑resilience and regulatory alignment in cloud adoption.
The guide emphasizes a foundational set of principles that apply across all risk types. These include robust governance, comprehensive documentation, sound data management, and effective model risk management.
This opinion and accompanying report from the 𝗘𝗕𝗔 provides a comprehensive overview of 𝗺𝗼𝗻𝗲𝘆 𝗹𝗮𝘂𝗻𝗱𝗲𝗿𝗶𝗻𝗴 (𝗠𝗟) 𝗮𝗻𝗱 𝘁𝗲𝗿𝗿𝗼𝗿𝗶𝘀𝘁 𝗳𝗶𝗻𝗮𝗻𝗰𝗶𝗻𝗴 (𝗧𝗙) 𝗿𝗶𝘀𝗸𝘀 across the EU's financial sector from 2022 to 2024. The EBA, mandated to issue such an opinion biennially, identifies evolving threats driven by technological innovation, including vulnerabilities in FinTech, RegTech, and crypto assets, alongside the 𝗶𝗻𝗰𝗿𝗲𝗮𝘀𝗶𝗻𝗴 𝘀𝗼𝗽𝗵𝗶𝘀𝘁𝗶𝗰𝗮𝘁𝗶𝗼𝗻 𝗼𝗳 𝗳𝗿𝗮𝘂𝗱 𝗮𝗻𝗱 𝗰𝘆𝗯𝗲𝗿𝗰𝗿𝗶𝗺𝗲 𝘀𝗰𝗵𝗲𝗺𝗲𝘀. While acknowledging positive developments like reduced tax crime risks and improved supervisory engagement in certain areas, the EBA highlights persistent challenges such as 𝗶𝗻𝗰𝗼𝗻𝘀𝗶𝘀𝘁𝗲𝗻𝘁 𝗮𝗻𝘁𝗶-𝗺𝗼𝗻𝗲𝘆 𝗹𝗮𝘂𝗻𝗱𝗲𝗿𝗶𝗻𝗴 𝗮𝗻𝗱 𝗰𝗼𝘂𝗻𝘁𝗲𝗿-𝘁𝗲𝗿𝗿𝗼𝗿𝗶𝘀𝘁 𝗳𝗶𝗻𝗮𝗻𝗰𝗶𝗻𝗴 (𝗔𝗠𝗟/𝗖𝗙𝗧) 𝘀𝘆𝘀𝘁𝗲𝗺 𝗲𝗳𝗳𝗲𝗰𝘁𝗶𝘃𝗲𝗻𝗲𝘀𝘀 𝗮𝗻𝗱 𝘁𝗵𝗲 𝗰𝗼𝗻𝘁𝗶𝗻𝘂𝗲𝗱 𝗽𝗿𝗼𝗺𝗶𝗻𝗲𝗻𝗰𝗲 𝗼𝗳 𝗰𝘂𝘀𝘁𝗼𝗺𝗲𝗿 𝗱𝘂𝗲 𝗱𝗶𝗹𝗶𝗴𝗲𝗻𝗰𝗲 (𝗖𝗗𝗗) 𝘀𝗵𝗼𝗿𝘁𝗰𝗼𝗺𝗶𝗻𝗴𝘀. The report underscores the critical need for regulatory clarity and a more unified application of risk-based approaches throughout the EU's financial landscape.
This comprehensive report from 𝗘𝗜𝗢𝗣𝗔 provides a 𝗳𝗼𝗹𝗹𝗼𝘄-𝘂𝗽 𝘁𝗼 𝗮 𝗽𝗲𝗲𝗿 𝗿𝗲𝘃𝗶𝗲𝘄 𝗼𝗻 𝗼𝘂𝘁𝘀𝗼𝘂𝗿𝗰𝗶𝗻𝗴, assessing the progress made by 𝗡𝗮𝘁𝗶𝗼𝗻𝗮𝗹 𝗦𝘂𝗽𝗲𝗿𝘃𝗶𝘀𝗼𝗿𝘆 𝗔𝘂𝘁𝗵𝗼𝗿𝗶𝘁𝗶𝗲𝘀 (𝗡𝗦𝗔𝘀) in strengthening their oversight of 𝗼𝘂𝘁𝘀𝗼𝘂𝗿𝗰𝗶𝗻𝗴 𝘄𝗶𝘁𝗵𝗶𝗻 𝘁𝗵𝗲 𝗶𝗻𝘀𝘂𝗿𝗮𝗻𝗰𝗲 𝘀𝗲𝗰𝘁𝗼𝗿. It details the 𝗺𝗲𝘁𝗵𝗼𝗱𝗼𝗹𝗼𝗴𝘆 used, the 𝘀𝗰𝗼𝗽𝗲 of the review, and the 𝗲𝘃𝗮𝗹𝘂𝗮𝘁𝗶𝗼𝗻 𝗰𝗿𝗶𝘁𝗲𝗿𝗶𝗮 applied to recommended actions. The document highlights 𝘀𝗶𝗴𝗻𝗶𝗳𝗶𝗰𝗮𝗻𝘁 𝗮𝗱𝘃𝗮𝗻𝗰𝗲𝗺𝗲𝗻𝘁𝘀 by NSAs in areas such as 𝗼𝘂𝘁𝘀𝗼𝘂𝗿𝗰𝗶𝗻𝗴 𝗳𝗿𝗮𝗺𝗲𝘄𝗼𝗿𝗸𝘀, 𝗻𝗼𝘁𝗶𝗳𝗶𝗰𝗮𝘁𝗶𝗼𝗻 𝗽𝗿𝗼𝗰𝗲𝘀𝘀𝗲𝘀, 𝗮𝗻𝗱 𝗱𝗼𝗰𝘂𝗺𝗲𝗻𝘁𝗮𝘁𝗶𝗼𝗻 𝗺𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁, with many recommended actions being 𝗳𝘂𝗹𝗳𝗶𝗹𝗹𝗲𝗱 𝗼𝗿 𝗽𝗮𝗿𝘁𝗶𝗮𝗹𝗹𝘆 𝗳𝘂𝗹𝗳𝗶𝗹𝗹𝗲𝗱. However, it also identifies 𝗿𝗲𝗺𝗮𝗶𝗻𝗶𝗻𝗴 𝗴𝗮𝗽𝘀, particularly in 𝗼𝗳𝗳-𝘀𝗶𝘁𝗲 𝘀𝘂𝗽𝗲𝗿𝘃𝗶𝘀𝗶𝗼𝗻 and the 𝗳𝘂𝗹𝗹 𝗼𝗽𝗲𝗿𝗮𝘁𝗶𝗼𝗻𝗮𝗹𝗶𝘇𝗮𝘁𝗶𝗼𝗻 𝗼𝗳 𝘀𝘂𝗽𝗲𝗿𝘃𝗶𝘀𝗼𝗿𝘆 𝘁𝗼𝗼𝗹𝘀, emphasizing the need for 𝗰𝗼𝗻𝘁𝗶𝗻𝘂𝗲𝗱 𝗲𝘃𝗼𝗹𝘂𝘁𝗶𝗼𝗻 𝗼𝗳 𝘀𝘂𝗽𝗲𝗿𝘃𝗶𝘀𝗼𝗿𝘆 𝗽𝗿𝗮𝗰𝘁𝗶𝗰𝗲𝘀 to ensure effective and continuous oversight of outsourcing arrangements.
This paper introduces an 𝗶𝗻𝗻𝗼𝘃𝗮𝘁𝗶𝘃𝗲 𝗵𝘆𝗯𝗿𝗶𝗱 𝗶𝗻𝘀𝘂𝗿𝗮𝗻𝗰𝗲 𝗺𝗼𝗱𝗲𝗹 designed to cover 𝗵𝗲𝗮𝘃𝘆-𝘁𝗮𝗶𝗹𝗲𝗱 𝗹𝗼𝘀𝘀𝗲𝘀, which are extreme and potentially limitless financial damages, often associated with natural disasters. 𝗧𝗵𝗲 𝗺𝗼𝗱𝗲𝗹 𝗰𝗼𝗺𝗯𝗶𝗻𝗲𝘀 𝘁𝗿𝗮𝗱𝗶𝘁𝗶𝗼𝗻𝗮𝗹 𝗶𝗻𝗱𝗲𝗺𝗻𝗶𝘁𝘆-𝗯𝗮𝘀𝗲𝗱 𝗶𝗻𝘀𝘂𝗿𝗮𝗻𝗰𝗲 𝗳𝗼𝗿 𝘀𝗺𝗮𝗹𝗹𝗲𝗿 𝗹𝗼𝘀𝘀𝗲𝘀 𝘄𝗶𝘁𝗵 𝗽𝗮𝗿𝗮𝗺𝗲𝘁𝗿𝗶𝗰 (𝗶𝗻𝗱𝗲𝘅-𝗯𝗮𝘀𝗲𝗱) 𝗶𝗻𝘀𝘂𝗿𝗮𝗻𝗰𝗲 𝗳𝗼𝗿 𝗹𝗮𝗿𝗴𝗲𝗿, 𝗰𝗮𝘁𝗮𝘀𝘁𝗿𝗼𝗽𝗵𝗶𝗰 𝗲𝘃𝗲𝗻𝘁𝘀. A key contribution is the development of a 𝘀𝗽𝗲𝗰𝗶𝗮𝗹𝗶𝘇𝗲𝗱 𝗼𝗽𝘁𝗶𝗺𝗶𝘇𝗮𝘁𝗶𝗼𝗻 𝗰𝗿𝗶𝘁𝗲𝗿𝗶𝗼𝗻 and a 𝘁𝘄𝗼-𝘀𝘁𝗲𝗽 𝗰𝗮𝗹𝗶𝗯𝗿𝗮𝘁𝗶𝗼𝗻 𝗺𝗲𝘁𝗵𝗼𝗱𝗼𝗹𝗼𝗴𝘆 that can leverage readily available covariate data, even when comprehensive loss data is scarce. Empirical analysis using both 𝘀𝗶𝗺𝘂𝗹𝗮𝘁𝗲𝗱 𝗮𝗻𝗱 𝗿𝗲𝗮𝗹-𝘄𝗼𝗿𝗹𝗱 𝘁𝗼𝗿𝗻𝗮𝗱𝗼 𝗱𝗮𝘁𝗮 demonstrates that 𝘁𝗵𝗶𝘀 𝗵𝘆𝗯𝗿𝗶𝗱 𝗰𝗼𝗻𝘁𝗿𝗮𝗰𝘁 𝗼𝘂𝘁𝗽𝗲𝗿𝗳𝗼𝗿𝗺𝘀 𝘁𝗿𝗮𝗱𝗶𝘁𝗶𝗼𝗻𝗮𝗹 𝗰𝗮𝗽𝗽𝗲𝗱 𝗶𝗻𝗱𝗲𝗺𝗻𝗶𝘁𝘆 𝗰𝗼𝗻𝘁𝗿𝗮𝗰𝘁𝘀 by providing better coverage for the same premium, especially benefiting regions with limited data. The authors highlight the practical advantages of 𝗳𝗮𝘀𝘁𝗲𝗿 𝗰𝗼𝗺𝗽𝗲𝗻𝘀𝗮𝘁𝗶𝗼𝗻 and 𝗿𝗲𝗱𝘂𝗰𝗲𝗱 𝗼𝗽𝗲𝗿𝗮𝘁𝗶𝗼𝗻𝗮𝗹 𝗰𝗼𝘀𝘁𝘀 offered by the parametric component.
This academic paper proposes these 𝗸𝗲𝘆 𝘁𝗮𝗸𝗲𝗮𝘄𝗮𝘆𝘀:
• The analysis provides a framework for introducing index insurance in competition with traditional products, emphasizing demand and solvency.
• Key drivers for index insurance demand are policyholder risk aversion, compensation speed advantage over traditional products, and its pricing (loading factor).
• The proposed hybrid product effectively balances the strengths of both insurance types by applying index insurance where it is “most suitable for policyholders,” accelerating compensation, and potentially reducing premiums.
• The methodology can help insurers identify specific loss types for which index compensation is preferred, optimizing portfolio structure and claims management.
• Future work will address modeling demand for index insurance in situations where traditional indemnity-based insurance is unavailable, requiring a “more nuanced approach to calibrate the utility function.”
This 𝗘𝗕𝗔 report, created in consultation with 𝗘𝗦𝗠𝗔 and 𝗘𝗜𝗢𝗣𝗔, addresses the 𝗽𝗿𝗼𝘃𝗶𝘀𝗶𝗼𝗻 𝗼𝗳 𝗰𝗼𝗿𝗲 𝗯𝗮𝗻𝗸𝗶𝗻𝗴 𝘀𝗲𝗿𝘃𝗶𝗰𝗲𝘀 to 𝗘𝗨 𝗳𝗶𝗻𝗮𝗻𝗰𝗶𝗮𝗹 𝘀𝗲𝗰𝘁𝗼𝗿 𝗲𝗻𝘁𝗶𝘁𝗶𝗲𝘀 (𝗙𝗦𝗘𝘀) by 𝘁𝗵𝗶𝗿𝗱-𝗰𝗼𝘂𝗻𝘁𝗿𝘆 𝘂𝗻𝗱𝗲𝗿𝘁𝗮𝗸𝗶𝗻𝗴𝘀 (𝗧𝗖𝗨𝘀). Specifically, it examines whether existing exemptions from establishing an EU branch for these services, currently extended to EU credit institutions, should be broadened to include all EU FSEs. The report analyzes 𝗾𝘂𝗮𝗻𝘁𝗶𝘁𝗮𝘁𝗶𝘃𝗲 𝘀𝘂𝗽𝗲𝗿𝘃𝗶𝘀𝗼𝗿𝘆 𝗱𝗮𝘁𝗮 on 𝗰𝗮𝘀𝗵 𝗲𝘅𝗽𝗼𝘀𝘂𝗿𝗲𝘀 𝗮𝗻𝗱 𝗹𝗲𝗻𝗱𝗶𝗻𝗴 𝗮𝗰𝘁𝗶𝘃𝗶𝘁𝗶𝗲𝘀 and incorporates 𝗾𝘂𝗮𝗹𝗶𝘁𝗮𝘁𝗶𝘃𝗲 𝗳𝗲𝗲𝗱𝗯𝗮𝗰𝗸 𝗳𝗿𝗼𝗺 𝘀𝘁𝗮𝗸𝗲𝗵𝗼𝗹𝗱𝗲𝗿𝘀, concluding that there is 𝗻𝗼 𝗰𝗼𝗺𝗽𝗲𝗹𝗹𝗶𝗻𝗴 𝗰𝗮𝘀𝗲 𝘁𝗼 𝗲𝘅𝗽𝗮𝗻𝗱 𝘁𝗵𝗲𝘀𝗲 𝗲𝘅𝗲𝗺𝗽𝘁𝗶𝗼𝗻𝘀. It also highlights challenges in 𝗱𝗮𝘁𝗮 𝗮𝘃𝗮𝗶𝗹𝗮𝗯𝗶𝗹𝗶𝘁𝘆 and inconsistencies in the definition of core banking services, suggesting that existing flexibilities and 𝗠𝗶𝗙𝗜𝗗 carve-outs largely accommodate current business needs.
The 𝗘𝗜𝗢𝗣𝗔 has evaluated 𝗵𝗼𝘄 𝗘𝘂𝗿𝗼𝗽𝗲𝗮𝗻 𝗶𝗻𝘀𝘂𝗿𝗲𝗿𝘀 𝗮𝗿𝗲 𝗶𝗻𝗰𝗼𝗿𝗽𝗼𝗿𝗮𝘁𝗶𝗻𝗴 𝗰𝗹𝗶𝗺𝗮𝘁𝗲 𝗰𝗵𝗮𝗻𝗴𝗲 𝗿𝗶𝘀𝗸𝘀 𝗶𝗻𝘁𝗼 𝘁𝗵𝗲𝗶𝗿 𝗿𝗶𝘀𝗸 𝗮𝘀𝘀𝗲𝘀𝘀𝗺𝗲𝗻𝘁𝘀, specifically within their 𝗢𝗥𝗦𝗔. The findings indicate that most insurers are now including both 𝗽𝗵𝘆𝘀𝗶𝗰𝗮𝗹 𝗮𝗻𝗱 𝘁𝗿𝗮𝗻𝘀𝗶𝘁𝗶𝗼𝗻 𝗿𝗶𝘀𝗸𝘀 in their ORSA, utilizing 𝘀𝗰𝗲𝗻𝗮𝗿𝗶𝗼 𝗮𝗻𝗮𝗹𝘆𝘀𝗶𝘀 more frequently to understand potential financial impacts. While progress has been made, challenges remain, such as 𝗶𝗻𝗰𝗼𝗻𝘀𝗶𝘀𝘁𝗲𝗻𝘁 𝗮𝗽𝗽𝗿𝗼𝗮𝗰𝗵𝗲𝘀 𝗮𝗰𝗿𝗼𝘀𝘀 𝗱𝗶𝗳𝗳𝗲𝗿𝗲𝗻𝘁 𝗿𝗲𝗴𝗶𝗼𝗻𝘀 and a 𝘀𝗵𝗼𝗿𝘁𝗮𝗴𝗲 𝗼𝗳 𝗵𝗶𝗴𝗵-𝗾𝘂𝗮𝗹𝗶𝘁𝘆 𝗱𝗮𝘁𝗮. EIOPA aims to continue fostering 𝘀𝘂𝗽𝗲𝗿𝘃𝗶𝘀𝗼𝗿𝘆 𝗰𝗼𝗻𝘀𝗶𝘀𝘁𝗲𝗻𝗰𝘆 and building capacity in this area.
This consultation paper, issued by EIOPA, outlines proposed 𝗜𝗺𝗽𝗹𝗲𝗺𝗲𝗻𝘁𝗶𝗻𝗴 𝗧𝗲𝗰𝗵𝗻𝗶𝗰𝗮𝗹 𝗦𝘁𝗮𝗻𝗱𝗮𝗿𝗱𝘀 (𝗜𝗧𝗦) concerning resolution reporting for insurance and reinsurance companies as mandated by 𝗗𝗶𝗿𝗲𝗰𝘁𝗶𝘃𝗲 (𝗘𝗨) 𝟮𝟬𝟮𝟱/𝟭. It details the 𝗽𝗿𝗼𝗰𝗲𝗱𝘂𝗿𝗲𝘀, 𝘀𝘁𝗮𝗻𝗱𝗮𝗿𝗱 𝗳𝗼𝗿𝗺𝘀, 𝗮𝗻𝗱 𝘁𝗲𝗺𝗽𝗹𝗮𝘁𝗲𝘀 for insurers to provide information essential for drawing up and executing resolution plans. The document includes an 𝗶𝗺𝗽𝗮𝗰𝘁 𝗮𝘀𝘀𝗲𝘀𝘀𝗺𝗲𝗻𝘁 evaluating policy options for 𝗿𝗲𝗽𝗼𝗿𝘁𝗶𝗻𝗴 𝗳𝗿𝗲𝗾𝘂𝗲𝗻𝗰𝘆 and the 𝗹𝗲𝘃𝗲𝗹 𝗼𝗳 𝗱𝗲𝘁𝗮𝗶𝗹 𝗳𝗼𝗿 𝗹𝗶𝗮𝗯𝗶𝗹𝗶𝘁𝗶𝗲𝘀 𝗿𝗲𝗽𝗼𝗿𝘁𝗶𝗻𝗴, ultimately favoring less frequent and less granular reporting to reduce the burden on undertakings. Additionally, it addresses 𝗱𝗮𝘁𝗮 𝗾𝘂𝗮𝗹𝗶𝘁𝘆, 𝘀𝘂𝗯𝗺𝗶𝘀𝘀𝗶𝗼𝗻 𝗳𝗼𝗿𝗺𝗮𝘁𝘀, 𝗮𝗻𝗱 𝘁𝗵𝗲 𝗽𝗿𝗼𝘃𝗶𝘀𝗶𝗼𝗻 𝗼𝗳 𝗮𝗱𝗱𝗶𝘁𝗶𝗼𝗻𝗮𝗹 𝗶𝗻𝗳𝗼𝗿𝗺𝗮𝘁𝗶𝗼𝗻, emphasizing cooperation between supervisory and resolution authorities and providing a 𝗽𝗿𝗶𝘃𝗮𝗰𝘆 𝘀𝘁𝗮𝘁𝗲𝗺𝗲𝗻𝘁 regarding data collection.
𝗢𝗽𝗲𝗻𝗶𝗻𝗴 𝗱𝗮𝘁𝗲 22 July 2025
𝗗𝗲𝗮𝗱𝗹𝗶𝗻𝗲 31 October 2025, 23:59 (CET)
The preprint article, 𝘿𝙤 𝘽𝙖𝙣𝙠𝙨 𝙎𝙥𝙚𝙖𝙠 𝙩𝙝𝙚 𝙎𝙖𝙢𝙚 𝙀𝙎𝙂 𝙇𝙖𝙣𝙜𝙪𝙖𝙜𝙚? 𝘼 𝙏𝙚𝙭𝙩-𝘽𝙖𝙨𝙚𝙙 𝘾𝙡𝙪𝙨𝙩𝙚𝙧𝙞𝙣𝙜 𝘼𝙥𝙥𝙧𝙤𝙖𝙘𝙝 explores the 𝗻𝗮𝗿𝗿𝗮𝘁𝗶𝘃𝗲 𝗰𝗼𝗻𝘀𝗶𝘀𝘁𝗲𝗻𝗰𝘆 in ESG disclosures among leading Italian banks. The authors, Giuseppe Scandurra and Antonio Thomas, employed 𝗰𝗼𝘀𝗶𝗻𝗲 𝘀𝗶𝗺𝗶𝗹𝗮𝗿𝗶𝘁𝘆 and 𝗵𝗶𝗲𝗿𝗮𝗿𝗰𝗵𝗶𝗰𝗮𝗹 𝗰𝗹𝘂𝘀𝘁𝗲𝗿𝗶𝗻𝗴 to analyze the textual content of non-financial reports. Their research identifies 𝗳𝗼𝘂𝗿 𝗱𝗶𝘀𝘁𝗶𝗻𝗰𝘁 𝗿𝗲𝗽𝗼𝗿𝘁𝗶𝗻𝗴 𝗽𝗮𝘁𝘁𝗲𝗿𝗻𝘀 among the banks: 𝘀𝘁𝗮𝗻𝗱𝗮𝗿𝗱𝗶𝘇𝗲𝗱, 𝘁𝗿𝗮𝗻𝘀𝗶𝘁𝗶𝗼𝗻𝗮𝗹, 𝗶𝗻𝘀𝘁𝗿𝘂𝗺𝗲𝗻𝘁𝗮𝗹, and 𝗶𝗱𝗶𝗼𝘀𝘆𝗻𝗰𝗿𝗮𝘁𝗶𝗰. This 𝗿𝗲𝘃𝗲𝗮𝗹𝘀 𝗮 𝗽𝗲𝗿𝘀𝗶𝘀𝘁𝗲𝗻𝘁 𝗱𝗶𝘃𝗲𝗿𝘀𝗶𝘁𝘆 in how banks communicate their ESG efforts, despite calls for harmonization. Ultimately, the study highlights the 𝗰𝗵𝗮𝗹𝗹𝗲𝗻𝗴𝗲𝘀 𝗶𝗻 𝗰𝗼𝗺𝗽𝗮𝗿𝗶𝗻𝗴 𝗮𝗻𝗱 𝗮𝘀𝘀𝗲𝘀𝘀𝗶𝗻𝗴 𝗘𝗦𝗚 𝗽𝗲𝗿𝗳𝗼𝗿𝗺𝗮𝗻𝗰𝗲 due to varied reporting styles and suggests a need for more specific standards within the banking sector.