Monthly Report: Digital risks on the rise in the banking sector

The digital transformation of the world in which we live and work is increasingly putting German banks to the test. In the latest issue of its Monthly Report, the Bundesbank notes that the resulting surge in competition between financial services, combined with customer expectations, has been putting them under significant pressure to adapt and evolve for a number of years. Furthermore, new technologies such as artificial intelligence and the widespread use of cloud services are accelerating the process of digitalisation, prompting the Bundesbank’s experts to warn that “As the digital transformation unfolds, it is important to not lose sight of security, particularly with banks becoming a growing target for professional hackers”. As they see it, banks need to ensure that their customers’ data are accessible and sufficiently well protected at all times, though technology alone is not enough to stay ahead of digital risks. Instead, the key factors for success are the human component as well as technical and organisational measures, together with well-structured, effective and interlinked processes.

Growing challenge for institutions and the financial system

The Bank’s experts see the threat of cyberattacks as another emerging challenge for institutions and the wider financial system. “Hackers are benefiting from the growing level of technical complexity and are themselves becoming more professional in terms of how they operate,” they write, explaining that hackers are particularly interested in payment systems, which can be targeted in order to fraudulently transfer funds, for example, and in critical banking systems, which are a prime target for ransomware attacks due to the damage that could be caused by taking them down. Furthermore, attacks can knock out or otherwise compromise major IT systems used by institutions to communicate with their customers.

In the context of banking supervision, the Bundesbank works with the Federal Financial Supervisory Authority (BaFin) to monitor around 1,650 credit institutions in Germany. Compliance with the joint Bundesbank-BaFin requirements for protecting financial institutions’ digital infrastructure is reviewed by the Bundesbank. The Bank’s experts explain that, to ensure that the scope needed to implement the requirements is always available, banking supervisors rely on a principle- and process-oriented approach to regulation and oversight. This is outlined in greater detail in relevant circulars such as the Minimum Requirements for Risk Management (MaRisk) and the prudential requirements for IT (BAIT). According to the Monthly Report, these supervisory requirements are general in nature and leave it to the institutions to decide which technologies or methods they wish to employ. This means that even current developments such as cloud computing and artificial intelligence generally fall within the scope of these requirements and can be supervised effectively.

As part of the supervisory review and evaluation process (SREP), in particular by conducting on-site inspections at banks, the Bundesbank assesses not only financial risks but also non-financial ones, such as digital risks. It is a field where the experts are seeing steady improvement in risk management processes. But as they note in the Monthly Report article, they frequently also detect basic vulnerabilities and a need for improvement when it comes to addressing digital risks, particularly with respect to managing information risks, information security and outsourcing management, and add these items to the prudential scope.

Long-term success hinges on innovative technologies

The Bundesbank’s experts believe that the pace of technological change will remain high, especially in the banking sector. In their view, technological progress needs to be facilitated, as does the proportionate implementation of protective measures at institutions on their own initiative: “Only if institutions take the initiative and face up to the opportunities and risks presented by digitalisation in a confident and balanced manner will it be possible to safeguard the functioning of the financial system in the long term.”