{"id":17892174,"date":"2025-09-17T19:20:17","date_gmt":"2025-09-17T17:20:17","guid":{"rendered":"https:\/\/www.fma.gv.at\/?page_id=17892174"},"modified":"2025-10-14T21:19:58","modified_gmt":"2025-10-14T19:19:58","slug":"it-risk-supervision","status":"publish","type":"page","link":"https:\/\/www.fma.gv.at\/en\/banks\/conduct-and-it-risk-supervision-of-banks\/it-risk-supervision\/","title":{"rendered":"IT Risk Supervision"},"content":{"rendered":"<?xml encoding=\"utf-8\" ?><div class=\"wp-block-cover has-custom-content-position is-position-bottom-right\"><img loading=\"lazy\" decoding=\"async\" width=\"640\" height=\"213\" class=\"wp-block-cover__image-background wp-image-50884 size-large\" alt=\"\" src=\"https:\/\/www.fma.gv.at\/wp-content\/uploads\/2024\/07\/Header-DORA-Webseite-1320x440-DORA-Management-des-IKT-Drittparteienrisikos-640x213.jpg\" data-object-fit=\"cover\" srcset=\"https:\/\/www.fma.gv.at\/wp-content\/uploads\/2024\/07\/Header-DORA-Webseite-1320x440-DORA-Management-des-IKT-Drittparteienrisikos-640x213.jpg 640w, https:\/\/www.fma.gv.at\/wp-content\/uploads\/2024\/07\/Header-DORA-Webseite-1320x440-DORA-Management-des-IKT-Drittparteienrisikos-320x107.jpg 320w, https:\/\/www.fma.gv.at\/wp-content\/uploads\/2024\/07\/Header-DORA-Webseite-1320x440-DORA-Management-des-IKT-Drittparteienrisikos.jpg 1320w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/><span aria-hidden=\"true\" class=\"wp-block-cover__background has-background-dim\" style=\"background-color:#6f7883\"><\/span><div class=\"wp-block-cover__inner-container is-layout-constrained wp-block-cover-is-layout-constrained\">\n<p class=\"has-text-align-center has-medium-font-size wp-block-paragraph\">IT Risk Supervision<\/p>\n<\/div><\/div><div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div><p class=\"wp-block-paragraph\">Division <abbr title=\"One-Six\">I\/6<\/abbr>  is responsible for IT risk supervision of less significant institutions (LSIs), payment institutions and 
electronic money institutions at the Austrian Financial Market Authority (FMA). The supervisory objective is to strengthen these institutions&rsquo; resilience in relation to IT risks and cyber threats.<\/p><p class=\"wp-block-paragraph\">During its supervisory activities, the FMA assists supervised entities in implementing legal standards by communicating supervisory expectations in a transparent manner and making detailed information available on its website.<\/p><p class=\"wp-block-paragraph\">One particular priority at the FMA is the coordination of cross-sector DORA supervision. The implementation of the requirements set out in the Digital Operational Resilience Act (DORA) requires cross-sector cooperation within the FMA to ensure harmonised, efficient and risk-based supervision for all affected financial market participants.<\/p><p class=\"wp-block-paragraph\">Further information may be found on the <a href=\"https:\/\/www.fma.gv.at\/en\/cross-sectoral-topics\/dora\/\" target=\"_blank\" rel=\"noreferrer noopener\">FMA&rsquo;s DORA microsite<\/a>.<\/p><div class=\"card\">  <div class=\"card-header\" id=\"general\">    <h2 class=\"mb-0\">      <button class=\"btn btn-link btn-block text-left p-0 d-flex align-items-center justify-content-between\" type=\"button\" data-toggle=\"collapse\" data-target=\"#collapse-general\" aria-expanded=\"false\" aria-controls=\"collapse-general\">        <span>General information about digital resilience<\/span>        <i class=\"fa-solid fa-chevron-down text-primary\" aria-hidden=\"true\"><\/i>      <\/button>    <\/h2>  <\/div>  <div id=\"collapse-general\" class=\"collapse\" aria-labelledby=\"general\">    <div class=\"card-body\"><p>Advancing digital transformation is accompanied by numerous innovations and efficiency gains for the financial sector, although the challenges for IT security and digital operational resilience in relation to faults, outages or cyber attacks are also 
increasing.<\/p>\n<p>Within the scope of its IT risk supervision, the FMA monitors how financial undertakings address such challenges and secure their systems against cyber attacks, technical failures and other operational risks.<\/p>\n<p>The Digital Operational Resilience Act (DORA), which has applied since 17 January 2025, is a key regulatory instrument for strengthening digital resilience. For the first time, DORA has created a harmonised European legal framework for the management of ICT risks in the financial sector. Entities are obliged under DORA to have comprehensive safeguards in place in the areas of risk management, incident reporting, digital resilience testing and the management of third-party risk.<\/p>\n    <\/div>  <\/div><\/div><div class=\"card\">  <div class=\"card-header\" id=\"supervisorytools\">    <h2 class=\"mb-0\">      <button class=\"btn btn-link btn-block text-left p-0 d-flex align-items-center justify-content-between\" type=\"button\" data-toggle=\"collapse\" data-target=\"#collapse-supervisorytools\" aria-expanded=\"false\" aria-controls=\"collapse-supervisorytools\">        <span>Supervisory tools<\/span>        <i class=\"fa-solid fa-chevron-down text-primary\" aria-hidden=\"true\"><\/i>      <\/button>    <\/h2>  <\/div>  <div id=\"collapse-supervisorytools\" class=\"collapse\" aria-labelledby=\"supervisorytools\">    <div class=\"card-body\"><p>The FMA has a broad spectrum of supervisory tools for monitoring IT risks effectively. The objective is not only to enforce legal standards, but also to promote a constructive and forward-looking supervisory culture in the form of exchanges with supervised entities.<\/p>\n<p>Sectoral dialogues and expert events are a key element of this. 
Their purpose is to impart supervisory expectations and to enable a structured exchange of knowledge and experience with the market.<\/p>\n<p>The review of legal standards is conducted by combining various supervisory tools, especially ICT governance spot checks, IT on-site inspections (IT OSIs), management talks, fit and proper tests, as well as surveys and self-assessments (digitalisation study\/SREP questionnaires). Under the division of competences between the FMA and the OeNB, IT OSIs and management talks are conducted by the OeNB.<\/p>    <\/div>  <\/div><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Division is responsible for IT risk supervision of less significant institutions (LSIs), payment institutions and electronic money institutions at the &#8230;<\/p>\n","protected":false},"author":20,"featured_media":50885,"parent":17887052,"menu_order":1,"comment_status":"closed","ping_status":"closed","template":"landing-page.php","meta":{"inline_featured_image":false,"footnotes":""},"class_list":["post-17892174","page","type-page","status-publish","has-post-thumbnail","hentry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>IT Risk Supervision - FMA \u00d6sterreich<\/title>\n<meta name=\"description\" content=\"Division I\/6 is responsible for IT risk supervision of less significant institutions (LSIs), payment institutions and e-money institutions.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.fma.gv.at\/en\/banks\/conduct-and-it-risk-supervision-of-banks\/it-risk-supervision\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"IT Risk Supervision - FMA \u00d6sterreich\" \/>\n<meta property=\"og:description\" content=\"Division I\/6 is 
responsible for IT risk supervision of less significant institutions (LSIs), payment institutions and e-money institutions.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.fma.gv.at\/en\/banks\/conduct-and-it-risk-supervision-of-banks\/it-risk-supervision\/\" \/>\n<meta property=\"og:site_name\" content=\"FMA \u00d6sterreich\" \/>\n<meta property=\"article:modified_time\" content=\"2025-10-14T19:19:58+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.fma.gv.at\/wp-content\/uploads\/2024\/07\/Header-DORA-Webseite-1320x440-DORA-Management-des-IKT-Drittparteienrisikos.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1320\" \/>\n\t<meta property=\"og:image:height\" content=\"440\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@FMA_AT\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.fma.gv.at\\\/en\\\/banks\\\/conduct-and-it-risk-supervision-of-banks\\\/it-risk-supervision\\\/\",\"url\":\"https:\\\/\\\/www.fma.gv.at\\\/en\\\/banks\\\/conduct-and-it-risk-supervision-of-banks\\\/it-risk-supervision\\\/\",\"name\":\"IT Risk Supervision - FMA 
\u00d6sterreich\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.fma.gv.at\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.fma.gv.at\\\/en\\\/banks\\\/conduct-and-it-risk-supervision-of-banks\\\/it-risk-supervision\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.fma.gv.at\\\/en\\\/banks\\\/conduct-and-it-risk-supervision-of-banks\\\/it-risk-supervision\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.fma.gv.at\\\/wp-content\\\/uploads\\\/2024\\\/07\\\/Header-DORA-Webseite-1320x440-DORA-Management-des-IKT-Drittparteienrisikos.jpg\",\"datePublished\":\"2025-09-17T17:20:17+00:00\",\"dateModified\":\"2025-10-14T19:19:58+00:00\",\"description\":\"Division I\\\/6 is responsible for IT risk supervision of less significant institutions (LSIs), payment institutions and e-money institutions.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.fma.gv.at\\\/en\\\/banks\\\/conduct-and-it-risk-supervision-of-banks\\\/it-risk-supervision\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.fma.gv.at\\\/en\\\/banks\\\/conduct-and-it-risk-supervision-of-banks\\\/it-risk-supervision\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.fma.gv.at\\\/en\\\/banks\\\/conduct-and-it-risk-supervision-of-banks\\\/it-risk-supervision\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.fma.gv.at\\\/wp-content\\\/uploads\\\/2024\\\/07\\\/Header-DORA-Webseite-1320x440-DORA-Management-des-IKT-Drittparteienrisikos.jpg\",\"contentUrl\":\"https:\\\/\\\/www.fma.gv.at\\\/wp-content\\\/uploads\\\/2024\\\/07\\\/Header-DORA-Webseite-1320x440-DORA-Management-des-IKT-Drittparteienrisikos.jpg\",\"width\":1320,\"height\":440},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.fma.gv.at\\\/en\\\/banks\\\/conduct-and-it-risk-supervision-of-banks\\\/it-risk-supervision\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\
"https:\\\/\\\/www.fma.gv.at\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Banks\",\"item\":\"https:\\\/\\\/www.fma.gv.at\\\/en\\\/banks\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Conduct and IT Risk Supervision of Banks\",\"item\":\"https:\\\/\\\/www.fma.gv.at\\\/en\\\/banks\\\/conduct-and-it-risk-supervision-of-banks\\\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"IT Risk Supervision\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.fma.gv.at\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/www.fma.gv.at\\\/en\\\/\",\"name\":\"FMA \u00d6sterreich\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.fma.gv.at\\\/en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.fma.gv.at\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.fma.gv.at\\\/en\\\/#organization\",\"name\":\"FMA - Finanzmarktaufsicht\",\"url\":\"https:\\\/\\\/www.fma.gv.at\\\/en\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.fma.gv.at\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.fma.gv.at\\\/wp-content\\\/uploads\\\/2017\\\/05\\\/FMA_Logo_Twitter_400x400.png\",\"contentUrl\":\"https:\\\/\\\/www.fma.gv.at\\\/wp-content\\\/uploads\\\/2017\\\/05\\\/FMA_Logo_Twitter_400x400.png\",\"width\":400,\"height\":400,\"caption\":\"FMA - Finanzmarktaufsicht\"},\"image\":{\"@id\":\"https:\\\/\\\/www.fma.gv.at\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/FMA_AT\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"IT Risk Supervision - FMA \u00d6sterreich","description":"Division I\/6 is responsible for IT risk supervision of less significant institutions (LSIs), payment institutions and e-money institutions.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.fma.gv.at\/en\/banks\/conduct-and-it-risk-supervision-of-banks\/it-risk-supervision\/","og_locale":"en_US","og_type":"article","og_title":"IT Risk Supervision - FMA \u00d6sterreich","og_description":"Division I\/6 is responsible for IT risk supervision of less significant institutions (LSIs), payment institutions and e-money institutions.","og_url":"https:\/\/www.fma.gv.at\/en\/banks\/conduct-and-it-risk-supervision-of-banks\/it-risk-supervision\/","og_site_name":"FMA \u00d6sterreich","article_modified_time":"2025-10-14T19:19:58+00:00","og_image":[{"width":1320,"height":440,"url":"https:\/\/www.fma.gv.at\/wp-content\/uploads\/2024\/07\/Header-DORA-Webseite-1320x440-DORA-Management-des-IKT-Drittparteienrisikos.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_site":"@FMA_AT","twitter_misc":{"Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.fma.gv.at\/en\/banks\/conduct-and-it-risk-supervision-of-banks\/it-risk-supervision\/","url":"https:\/\/www.fma.gv.at\/en\/banks\/conduct-and-it-risk-supervision-of-banks\/it-risk-supervision\/","name":"IT Risk Supervision - FMA \u00d6sterreich","isPartOf":{"@id":"https:\/\/www.fma.gv.at\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.fma.gv.at\/en\/banks\/conduct-and-it-risk-supervision-of-banks\/it-risk-supervision\/#primaryimage"},"image":{"@id":"https:\/\/www.fma.gv.at\/en\/banks\/conduct-and-it-risk-supervision-of-banks\/it-risk-supervision\/#primaryimage"},"thumbnailUrl":"https:\/\/www.fma.gv.at\/wp-content\/uploads\/2024\/07\/Header-DORA-Webseite-1320x440-DORA-Management-des-IKT-Drittparteienrisikos.jpg","datePublished":"2025-09-17T17:20:17+00:00","dateModified":"2025-10-14T19:19:58+00:00","description":"Division I\/6 is responsible for IT risk supervision of less significant institutions (LSIs), payment institutions and e-money 
institutions.","breadcrumb":{"@id":"https:\/\/www.fma.gv.at\/en\/banks\/conduct-and-it-risk-supervision-of-banks\/it-risk-supervision\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.fma.gv.at\/en\/banks\/conduct-and-it-risk-supervision-of-banks\/it-risk-supervision\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.fma.gv.at\/en\/banks\/conduct-and-it-risk-supervision-of-banks\/it-risk-supervision\/#primaryimage","url":"https:\/\/www.fma.gv.at\/wp-content\/uploads\/2024\/07\/Header-DORA-Webseite-1320x440-DORA-Management-des-IKT-Drittparteienrisikos.jpg","contentUrl":"https:\/\/www.fma.gv.at\/wp-content\/uploads\/2024\/07\/Header-DORA-Webseite-1320x440-DORA-Management-des-IKT-Drittparteienrisikos.jpg","width":1320,"height":440},{"@type":"BreadcrumbList","@id":"https:\/\/www.fma.gv.at\/en\/banks\/conduct-and-it-risk-supervision-of-banks\/it-risk-supervision\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.fma.gv.at\/en\/"},{"@type":"ListItem","position":2,"name":"Banks","item":"https:\/\/www.fma.gv.at\/en\/banks\/"},{"@type":"ListItem","position":3,"name":"Conduct and IT Risk Supervision of Banks","item":"https:\/\/www.fma.gv.at\/en\/banks\/conduct-and-it-risk-supervision-of-banks\/"},{"@type":"ListItem","position":4,"name":"IT Risk Supervision"}]},{"@type":"WebSite","@id":"https:\/\/www.fma.gv.at\/en\/#website","url":"https:\/\/www.fma.gv.at\/en\/","name":"FMA \u00d6sterreich","description":"","publisher":{"@id":"https:\/\/www.fma.gv.at\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.fma.gv.at\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.fma.gv.at\/en\/#organization","name":"FMA - 
Finanzmarktaufsicht","url":"https:\/\/www.fma.gv.at\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.fma.gv.at\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.fma.gv.at\/wp-content\/uploads\/2017\/05\/FMA_Logo_Twitter_400x400.png","contentUrl":"https:\/\/www.fma.gv.at\/wp-content\/uploads\/2017\/05\/FMA_Logo_Twitter_400x400.png","width":400,"height":400,"caption":"FMA - Finanzmarktaufsicht"},"image":{"@id":"https:\/\/www.fma.gv.at\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/FMA_AT"]}]}},"toolset-meta":[],"publishpress_future_action":{"enabled":false,"date":"2026-06-29 01:30:38","action":"change-status","newStatus":"draft","terms":[],"taxonomy":"translation_priority","extraData":[]},"publishpress_future_workflow_manual_trigger":{"enabledWorkflows":[]},"_links":{"self":[{"href":"https:\/\/www.fma.gv.at\/en\/wp-json\/wp\/v2\/pages\/17892174","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.fma.gv.at\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.fma.gv.at\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.fma.gv.at\/en\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/www.fma.gv.at\/en\/wp-json\/wp\/v2\/comments?post=17892174"}],"version-history":[{"count":1,"href":"https:\/\/www.fma.gv.at\/en\/wp-json\/wp\/v2\/pages\/17892174\/revisions"}],"predecessor-version":[{"id":17893552,"href":"https:\/\/www.fma.gv.at\/en\/wp-json\/wp\/v2\/pages\/17892174\/revisions\/17893552"}],"up":[{"embeddable":true,"href":"https:\/\/www.fma.gv.at\/en\/wp-json\/wp\/v2\/pages\/17887052"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.fma.gv.at\/en\/wp-json\/wp\/v2\/media\/50885"}],"wp:attachment":[{"href":"https:\/\/www.fma.gv.at\/en\/wp-json\/wp\/v2\/media?parent=17892174"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}