Skip to content

Menu

LexBlog, Inc. logo
NetworkSub-MenuBrowse by SubjectBrowse by PublisherJoin the NetworkGet StartedSubscribeSupport
Contact Us
Search
Close

Basel Committee report on ICT risk management: range of practices

By Simon Lovegrove (UK) on June 2, 2026
Email this postTweet this postLike this postShare this post on LinkedIn

On 2 June 2026, the Basel Committee on Banking Supervision (Basel Committee) published a report describing a range of observed information and communication technology (ICT) risk management practices across jurisdictions to address non-malicious ICT incidents.

The report covers a range of observed ICT risk management practices across different jurisdictions relevant to addressing non-malicious ICT incidents in global systemically important banks (G-SIBs), domestic systemically important banks (D-SIBs) and other banks of interest (for example digital-only banks) that affect the delivery of critical operations. In preparing the report, the Basel Committee relied on input from its member jurisdictions, including selected case studies, and industry engagement. In addition, regulatory and supervisory approaches from banking authorities were reviewed. Overall, 16 jurisdictions participated in the survey.

Based on the survey, the most frequently reported causes of non-malicious ICT incidents include:

  • Change control gaps.
  • Gaps in system design, development and testing.
  • System capacity and performance issues.
  • External dependency operational failure.

Banks employ various ICT risk management practices to mitigate these risks, with third-party risk management being a key focus through enhanced governance, monitoring tools and exit strategies.

The Basel Committee also notes that at an industry outreach event, some panellists highlighted significant progress in reducing failure rates through the banks’ technical and/or process controls. To support effective ICT risk management, the panellists highlighted the importance of:

  • Adopting a modular and layered approach in the implementation of new system components to replace legacy systems and reduce complexity.
  • Implementing automation, including through new technologies and artificial intelligence/machine learning, while maintaining an appropriate level of human oversight and control.
  • Managing nth-party dependencies and maintaining visibility across the ICT supply chain.
  • Addressing talent shortages by partnering with universities and creating technical career tracks internally.
Photo of Simon Lovegrove (UK) Simon Lovegrove (UK)
Read more about Simon Lovegrove (UK)Email
  • Posted in:
    Banking, Finance and Securities
  • Blog:
    Global Regulation Tomorrow
  • Organization:
    Norton Rose Fulbright
  • Article: View Original Source

Call us at 1-800-913-0988 or email sales@lexblog.com.

Facebook LinkedIn Twitter RSS
  • About LexBlog
  • The Field We Built
  • Our Beliefs
  • Our Team
  • Contact LexBlog
  • Disclaimer
  • Editorial Policy
  • Terms of Service
  • Get Started
  • Publishing Solutions
  • Compass
  • Submit a Request
  • Support Center
  • System Status
Copyright © 2026, LexBlog, Inc. All Rights Reserved.
Law blog design & platform by LexBlog LexBlog Logo