Expert panel on information and communication technology (ICT)

DE

The use of information and communication technology (ICT) in institutions, including the use of third-party ICT services, plays a central role in the financial sector and is becoming ever more important. The appropriate and effective management of ICT risks, including those relating to outsourced activities and processes, is therefore crucial for the proper business organisation of an institution. Standards for the proper organisation of ICT and the management of ICT risk were formerly stipulated in particular by the Minimum Requirements for Risk Management (Mindestanforderungen an das Risikomanagement, or MaRisk) in conjunction with the Supervisory Requirements for IT in Financial Institutions (Bankaufsichtliche Anforderungen an die IT, or BAIT). Since 17 January 2025, the cross-sectoral Regulation (EU) 2022/2554 (the Digital Operational Resilience Act, or DORA) has been applicable and sets out the requirements for digital operational resilience in the financial industry.

Like DORA, the expert panel on ICT has spanned multiple sectors starting in 2025 and mainly serves as a forum for

  • maintaining the current regular dialogue between supervisory authorities and the financial industry on ICT risk management topics, whilst extending the debate to other areas governed by DORA;
  • giving due consideration to the ongoing dynamic development of ICT used in financial corporations to support business processes and the resultant potential for operational (cyber) risks;
  • debating operational matters in areas such as ICT organisation, ICT processes, ICT systems and control procedures on the basis of specific issues.

The expert panel on ICT also provides a platform for raising awareness in the financial industry and communicating the expectations of the Federal Financial Supervisory Authority (BaFin) regarding existing standards. 

Members of the panel include experts from credit institutions and insurance companies, fund industry representatives, ICT service providers, association representatives and supervisory experts. All members can submit suggestions relating to timeline and content.