Technological developments are changing the framework conditions in the financial market and are opening up new opportunities for corporate provision companies, that are however also bound with risks. In addition, the Covid-19 pandemic accelerated innovations and digital interconnectedness, while geopolitical developments have also increased the challenges that exist in conjunction with the usage of information and communication technologies (ICT).
Against this backdrop, the Austrian Financial Market Authority (FMA) continues to analyse the state of digitalisation in the Austrian financial market. Based on this, the FMA is able to take preventative measures, to initiate improvements in the legal framework, determine the intensity of supervision of individual supervised undertakings in a more risk-adequate manner, and to act in a risk-based and forward-looking manner in planning and setting the priorities for supervision.
Legislative developments
Strengthening of cyber resilience is the centrepiece of ongoing legislative development. The Regulation on Digital Operational Resiliences in the Financial Sector (DORA) has applied since 17 January 2025. It covers the issues of ICT risk management, the management and reporting of ICT-related incidents, resilience tests (including Threat-Led Penetration Tests (TLPTs), ICT services risks as well as the exchange of information on cyber-risks between undertakings.
The FMA’s Priorities for Supervision
In the area of digitalisation, the FMA has taken the following measures and set the following priorities:
Austrian Digital Finance Landscape
In 2024, the FMA conducted an analysis exercise on the "Austrian Digital Landscape” to evaluate the degree of digitalisation of business operations as well as operational resilience (IT landscape, ICT interdependencies, cyber resilience) of undertakings in the Austrian financial market. Preparations for the regulations contained in DORA are also being addressed. Undertakings were given the opportunity as a result to make necessary improvements in implementing the new regulatory rules.
This thematic focus also permits the FMA to include the implications of digitalisation among supervised entities adequately in its risk-based approach to supervision as well the general supervisory assessment of undertakings and to identify the relevant ICT service providers in the Austrian financial market.
Study on “Digitalisation of the Financial Market”
The FMA regularly conducts cross-sector analyses on digital transformation. Further information may be found on the FMA website on the page "Digitalisation of the Austrian Financial Market”.
IT Interdependencies
Based on the visualisation of interconnectedness in the IT service provider landscape, potential concentration risks are presented and further deductions reached for supervisory strategy and practice.