Nos derniers articles

This opinion and accompanying report from the 𝗘𝗕𝗔 provides a comprehensive overview of 𝗺𝗼𝗻𝗲𝘆 𝗹𝗮𝘂𝗻𝗱𝗲𝗿𝗶𝗻𝗴 (𝗠𝗟) 𝗮𝗻𝗱 𝘁𝗲𝗿𝗿𝗼𝗿𝗶𝘀𝘁 𝗳𝗶𝗻𝗮𝗻𝗰𝗶𝗻𝗴 (𝗧𝗙) 𝗿𝗶𝘀𝗸𝘀 across the EU's financial sector from 2022 to 2024. The EBA, mandated to issue such an opinion biennially, identifies evolving threats driven by technological innovation, including vulnerabilities in FinTech, RegTech, and crypto assets, alongside the 𝗶𝗻𝗰𝗿𝗲𝗮𝘀𝗶𝗻𝗴 𝘀𝗼𝗽𝗵𝗶𝘀𝘁𝗶𝗰𝗮𝘁𝗶𝗼𝗻 𝗼𝗳 𝗳𝗿𝗮𝘂𝗱 𝗮𝗻𝗱 𝗰𝘆𝗯𝗲𝗿𝗰𝗿𝗶𝗺𝗲 𝘀𝗰𝗵𝗲𝗺𝗲𝘀. While acknowledging positive developments like reduced tax crime risks and improved supervisory engagement in certain areas, the EBA highlights persistent challenges such as 𝗶𝗻𝗰𝗼𝗻𝘀𝗶𝘀𝘁𝗲𝗻𝘁 𝗮𝗻𝘁𝗶-𝗺𝗼𝗻𝗲𝘆 𝗹𝗮𝘂𝗻𝗱𝗲𝗿𝗶𝗻𝗴 𝗮𝗻𝗱 𝗰𝗼𝘂𝗻𝘁𝗲𝗿-𝘁𝗲𝗿𝗿𝗼𝗿𝗶𝘀𝘁 𝗳𝗶𝗻𝗮𝗻𝗰𝗶𝗻𝗴 (𝗔𝗠𝗟/𝗖𝗙𝗧) 𝘀𝘆𝘀𝘁𝗲𝗺 𝗲𝗳𝗳𝗲𝗰𝘁𝗶𝘃𝗲𝗻𝗲𝘀𝘀 𝗮𝗻𝗱 𝘁𝗵𝗲 𝗰𝗼𝗻𝘁𝗶𝗻𝘂𝗲𝗱 𝗽𝗿𝗼𝗺𝗶𝗻𝗲𝗻𝗰𝗲 𝗼𝗳 𝗰𝘂𝘀𝘁𝗼𝗺𝗲𝗿 𝗱𝘂𝗲 𝗱𝗶𝗹𝗶𝗴𝗲𝗻𝗰𝗲 (𝗖𝗗𝗗) 𝘀𝗵𝗼𝗿𝘁𝗰𝗼𝗺𝗶𝗻𝗴𝘀. The report underscores the critical need for regulatory clarity and a more unified application of risk-based approaches throughout the EU's financial landscape.

This 𝗘𝗕𝗔 report, created in consultation with 𝗘𝗦𝗠𝗔 and 𝗘𝗜𝗢𝗣𝗔, addresses the 𝗽𝗿𝗼𝘃𝗶𝘀𝗶𝗼𝗻 𝗼𝗳 𝗰𝗼𝗿𝗲 𝗯𝗮𝗻𝗸𝗶𝗻𝗴 𝘀𝗲𝗿𝘃𝗶𝗰𝗲𝘀 to 𝗘𝗨 𝗳𝗶𝗻𝗮𝗻𝗰𝗶𝗮𝗹 𝘀𝗲𝗰𝘁𝗼𝗿 𝗲𝗻𝘁𝗶𝘁𝗶𝗲𝘀 (𝗙𝗦𝗘𝘀) by 𝘁𝗵𝗶𝗿𝗱-𝗰𝗼𝘂𝗻𝘁𝗿𝘆 𝘂𝗻𝗱𝗲𝗿𝘁𝗮𝗸𝗶𝗻𝗴𝘀 (𝗧𝗖𝗨𝘀). Specifically, it examines whether existing exemptions from establishing an EU branch for these services, currently extended to EU credit institutions, should be broadened to include all EU FSEs. The report analyzes 𝗾𝘂𝗮𝗻𝘁𝗶𝘁𝗮𝘁𝗶𝘃𝗲 𝘀𝘂𝗽𝗲𝗿𝘃𝗶𝘀𝗼𝗿𝘆 𝗱𝗮𝘁𝗮 on 𝗰𝗮𝘀𝗵 𝗲𝘅𝗽𝗼𝘀𝘂𝗿𝗲𝘀 𝗮𝗻𝗱 𝗹𝗲𝗻𝗱𝗶𝗻𝗴 𝗮𝗰𝘁𝗶𝘃𝗶𝘁𝗶𝗲𝘀 and incorporates 𝗾𝘂𝗮𝗹𝗶𝘁𝗮𝘁𝗶𝘃𝗲 𝗳𝗲𝗲𝗱𝗯𝗮𝗰𝗸 𝗳𝗿𝗼𝗺 𝘀𝘁𝗮𝗸𝗲𝗵𝗼𝗹𝗱𝗲𝗿𝘀, concluding that there is 𝗻𝗼 𝗰𝗼𝗺𝗽𝗲𝗹𝗹𝗶𝗻𝗴 𝗰𝗮𝘀𝗲 𝘁𝗼 𝗲𝘅𝗽𝗮𝗻𝗱 𝘁𝗵𝗲𝘀𝗲 𝗲𝘅𝗲𝗺𝗽𝘁𝗶𝗼𝗻𝘀. It also highlights challenges in 𝗱𝗮𝘁𝗮 𝗮𝘃𝗮𝗶𝗹𝗮𝗯𝗶𝗹𝗶𝘁𝘆 and inconsistencies in the definition of core banking services, suggesting that existing flexibilities and 𝗠𝗶𝗙𝗜𝗗 carve-outs largely accommodate current business needs.

The Three Lines of Defence model (based on defence-in-depth approaches) has become one of the primary risk management frameworks. Yet, its application in the cybersecurity space, one of the fastest-growing areas of risk for modern organisations, has been fragmented at best. In this article, we conducted a systematic literature review on the application of this model in cybersecurity.