IT supervision at banks

Deadline for application

19 April 2024


As digital transformation progresses, information technology is becoming ever more important to the functioning of banks. At the same time, however, these technologies bear great potential for abuse and may be a source of negligence and threats, both internal and external. Supervisors therefore need to focus their attention on the risks associated with the use of information technology.

This course gives an overview of current practices with regard to IT supervision at banks from both a regulatory and practical perspective. The course will describe the general EU framework and its transposition into German law and regulatory practice. The sessions will also discuss typical IT issues that banks face, shed light on the evaluation techniques used by supervisors in their review and evaluation process (SREP) and highlight specific IT problems depending on participants’ particular interests.

Active participation is expected in this course, and participants should be prepared to discuss typical issues and problems faced in the IT usage of banks under their supervision.


  • Introduction to the course, tour de table of participants’ backgrounds and interests
  • Overview of the European and German banking systems and supervision systems
  • Introduction to IT security
  • Overview of European and German laws and regulations for IT supervision
  • Minimum requirements for risk management with a focus on IT and outsourcing requirements
  • Introduction to IT supervision
  • Setting up an on-site inspection for IT
  • Deep dive on selected topics (e.g. user access rights, application development, outsourcing management, penetration testing, DORA, MICA)
  • Gathering off-site information for the supervisory review and evaluation process for IT (IT SREP)
  • Typical findings from on-site inspections in Germany 
  • Group work: understanding and evaluating an on-site inspection report for IT

Target group

Policymakers in banking supervision, on-site and off-site inspectors, IT auditors. Participants should have at least an intermediate understanding of banking supervision and information technology. 

Technical requirements

Computer with microphone, camera, speakers or headphones; an up-to-date internet browser.

Registration deadline expired.