Technological developments are changing the framework conditions in the financial market and are opening up new opportunities for Pensionskassen (pension funds), which, however, also entail risks. In addition, the Covid-19 pandemic has accelerated innovations and digital interconnectedness, thereby further increasing the challenges associated with the use of information and communication technologies.
In this environment, the FMA is continuing its analysis of the state of digitalisation in the Austrian financial market. Based on this, the FMA is able to take preventative measures, to initiate improvements in the legal framework, to determine the intensity of supervision of individual supervised undertakings in a more risk-adequate manner, and to act in a risk-based and forward-looking manner in planning and setting the priorities for supervision.
Strengthening of cyber resilience is the centrepiece of legal development.
- In particular, the European Commission has been pursuing the objective of strengthening the defences of the EU’s financial sector against cyber attacks since publishing the FinTech Action Plan in March 2018. Negotiations are currently ongoing regarding the proposed Regulation on digital operational resilience as part of the Digital Finance Package. These future regulations are intended to ensure that entities are able, as far as possible, to withstand outages and threats arising in conjunction with the use of information and communication technologies.
- The FMA made its Guide on IT Security for Pensionskassen (FMA-Leitfaden IT-Sicherheit für Pensionskassen, available in German only) available as guidance for Pensionskassen back in 2018.
In the area of digitalisation, the FMA has taken the following measures and set the following priorities:
- Study on “Digitalisation of the Financial Market”: The FMA regularly conducts cross-sector analyses on digital transformation.
- IT interdependencies: Based on the visualisation of interconnectedness in the IT service provider landscape in the Pensionskasse sector, potential concentration risks are presented and further conclusions are drawn for supervisory strategy and practice.
- FMA-Cyber-Maturity Level Assessment: The FMA is using a tool developed in-house for measuring and evaluating the cyber resilience of Austrian Pensionskassen. See for example the FMA’s 2021 Report on the state of Austrian Pensionskassen (available in German only), Part F. Cyber-resilience, 1. Results of the FMA-Cyber Maturity Assessment.
- FMA-Cloud Maturity Level Assessment: This was implemented analogously to the survey on cyber maturity. See also the FMA’s Annual Report 2020, Priorities for supervision and inspections 2020: embracing digitalisation, addressing the risks.
- ICT-related incidents: The FMA enquires about such incidents and is thereby preparing the Pensionskassen for future binding reporting requirements.
- Post Covid-19 related risks: Risks arising in conjunction with the return to on-site working were analysed.
- Practice dialogue: There is an ongoing exchange with the sector about digitalisation issues.