"In times when the financial sector grows increasingly dependent on information technology (IT) owing to the desire of customers to receive services swiftly and remotely, technological developments and a trend towards attracting external service providers, market participants need to pay more attention to digital resilience and cybersecurity risks. That is why Latvijas Banka will devote special attention to IT security risks to Latvian financial institutions in 2024, focusing on the management of cybersecurity and third-party (outsourcing) risks. At the same time, we will assess sustainability aspects and the work of banks with both high-risk and low-risk customers without excessively or unduly burdening them. The keyword here is proportionality,"
emphasises Santa Purgaile, Deputy Governor of Latvijas Banka.
Five financial market supervisory priorities have been set for 2024:
- good governance,
- operational and financial resilience,
- business model sustainability in a transition economy,
- risks related to money laundering and terrorism and proliferation financing (ML/TPF) and sanctions risks,
- market conduct risk.
In 2024, Latvijas Banka plans to carry out 19 on-site inspections in the area of prudential (safe practice and prudent risk) supervision, 7 inspections relating to the prevention of ML/TPF and to sanctions and 2 inspections in the area of IT. Additionally, Latvijas Banka's supervision experts will participate in the inspections conducted by the European Central Bank.*The on-site inspection plan of the European Central Bank is not publicly available; therefore, these inspections have not been included in the on-site inspection plan published by Latvijas Banka.
Three on-site inspections will be focused on the protection of the customers serviced by credit institutions, assessing the processing of covered deposits and guaranteed compensation.
By segment, the inspections planned for 2024 are as follows: 16 on-site inspections at banks, 2 inspections in the insurance sector, 1 – in the area of pensions, 3 – in the area of investment, 1 – in the area of payment services, 4 – at investment firms, 2 – at cooperative credit unions and 2 – at foreign exchange companies.
Alongside on-site inspections, Latvijas Banka is planning a wide range of off-site activities, particularly in the areas of IT security, governance and sustainability.
Despite the growing geopolitical risk and cyberattacks, Latvian financial institutions have so far shown digital resilience. However, due to the ever-changing nature of threats, financial institutions should strengthen their operational resilience. This is also established by the European Union Regulation on digital operational resilience or DORA Regulation which is part of the digital finance strategy of the European Commission. It aims to support the development of digital finance, while mitigating the related risks. The role of outsourcing and the use of cloud services and artificial intelligence is expected to become increasingly significant in the near future, and so the risks associated with these services, including risks to data security and management, will also become more pronounced.
Over the past years, the risk level of ML/TPF has fallen substantially for Latvian financial institutions, and their internal control systems have been strengthened considerably; therefore, the introduction of a risk-based approach has to be continued at this point in time. The work accomplished by Latvia in this area has been commended in the international arena; however, excessive caution practised by credit institutions results in problems related to the availability of financial services. Latvijas Banka will assess the ML/TPF risk management practice at financial institutions next year, and its inspections will also focus on the provision of services to low-risk customers as the availability of financial services is our priority.
In 2024, the supervision of financial sector sustainability will mostly focus on complying with disclosure requirements, improving the quality of the strategies of market participants as well as developing the framework for the management of sustainability risks. To ensure further progress in these processes, Latvijas Banka will continue to provide market participants with support and methodological guidance; nevertheless, it also expects the institutions themselves to be proactive as they continue to integrate aspects of sustainability risks into their activities.