
FMA publishes Guide on IT Security in Insurance and Reinsurance Undertakings


The Austrian Financial Market Authority (FMA) today took a further step in equipping the Austrian financial market for digitalisation by publishing an FMA-Guide on IT Security in Insurance Undertakings.

IT systems and digital offerings are also growing in importance in the insurance sector. The risk of a system failure or of data being misused may affect both insurance undertakings and insured persons, and in extreme circumstances may even damage the stability of, and confidence in, the financial market. The Guide explains the FMA’s expectations in relation to IT security, and thereby provides the insurance industry with a transparent framework for extending its digital offerings. “Insurance undertakings provide essential financial services for their customers. The increasing digitalisation of insurance business must therefore be accompanied by high standards for the security of both systems and data. The purpose of this Guide is to also increase confidence of insurance customers in digital technologies and data protection”, commented the FMA’s Executive Directors, Helmut Ettl and Klaus Kumpfmüller.

The Guide on IT Security for the insurance industry is already the second of its kind. In May of this year, the FMA published a corresponding Guide for banks. During the summer another Guide on IT Security will follow for the areas of asset management and investment firms. The FMA, as an integrated supervisory authority, will thereby create comparable frameworks for digitalisation across all the supervisory areas of the financial market.

In accordance with the thematic focuses of the FMA’s supervisory and inspection activities for 2018, the Guide serves as orientation for insurance undertakings and summarises the FMA’s expectations in the following fields:

– Governance in the area of IT security, which falls under the responsibility of the management bodies, takes place on the basis of an IT strategy, and prescribes adequate technical and organisational resources

– IT risk management and information security management, which may also include establishing an information security officer position

– IT emergency management, for ensuring the availability of IT systems and services even in the event of disruptions

Insurance undertakings must keep an inventory of all IT systems to ensure trouble-free IT operations and to be able to identify risks arising from ageing IT systems. The Guide also prescribes processes for handling disruptions and for capturing their respective causes.

The nature, scale and complexity of the activities and the risk structure of the insurance undertaking may be taken into account on an individual basis in implementing the Guide. Within the scope of the standards prescribed by the FMA, insurance undertakings may ultimately determine for themselves which methods, systems and processes are appropriate in relation to IT security. By so doing, the FMA sticks steadfastly to the principle of proportionality.

The “FMA Guide on IT Security in Insurance and Reinsurance Undertakings” can be downloaded from the FMA’s website at:

Journalists may address further enquiries to:

Mr. Stefan Maier

+43/(0)676/882 49 426
