It is a twice-yearly publication, informing on international technical cooperation at the Bank of Italy.
(Only in Italian)
Le modifiche sono volte ad adeguare la disciplina vigente in materia di svalutazione di titoli non durevoli alle disposizioni contenute nell’art. 45, commi 3-octies e ss., del D.l. n. 73/2022, come modificato dal D.l. n. 131/2023, e in particolare riguardano:
- l’art. 1, nel quale si intendono modificare i commi di riferimento dell’art. 45 del decreto legge n. 73/2022, come modificato dal decreto legge n. 131/2023;
- l’art. 5, che disciplina le modalità di funzionamento della riserva indisponibile, e in particolare:
- i commi 1 e 6, prevedendo, in conformità alla modifica introdotta dal decreto legge n. 131/2023, che, nel calcolo della riserva indisponibile riferita al bilancio di esercizio e alla relazione semestrale, l’impresa tenga conto anche dell’effetto sugli impegni esistenti verso gli assicurati riferiti all’esercizio di bilancio e fino a cinque esercizi successivi, se previsto dal decreto del Ministro dell’economia e delle finanze di cui all’art. 45, comma 3- duodecies, del decreto legge n. 73/2022.
- il comma 3, prevedendo che l’impresa inserisca in nota integrativa la tabella esplicativa allegata (allegato A) per la quale sono fornite specifiche istruzioni di compilazione (allegato B) e un’esemplificazione (allegato C).
La consultazione terminerà il 9 marzo 2024.
The SSM supervisory priorities for 2024-26 establish that banks should address the information and communication technology (ICT) and security risks stemming from the digitalisation of banking services. Amongst other things, this requires a bank’s management body to have a proper understanding of the evolution and materiality of such risks in order to take adequate and timely decisions to manage them.
Over the last few years, however, ongoing supervision has identified deficiencies in the collective knowledge and expertise of supervised banks’ management bodies in the area of ICT and security risks. Against this background, the ECB and national supervisors have collaborated to develop a dedicated policy for assessing the collective knowledge of the management body in the context of fit and proper assessments.
According to the policy, a fit and proper assessment must ensure that the following key expectations are met in the area of ICT and security risks:
- First, members of the management body and internal control functions, including the heads of risk management, compliance and audit, must have a sufficient understanding of ICT and security risks, as well as the related data and reporting requirements.
- Second, when assessing the collective suitability of the members of the management body, their knowledge, skills and experience relating to ICT and security risks should be considered. To this end, the management body should have at least one non-executive member with relevant and recent knowledge of, and expertise in, ICT and security risks (experience has shown that five years of relevant practical experience is an adequate threshold to ensure good management and decision making at board level). When assessing a bank’s fulfilment of this expectation, the ECB will take a risk-based approach.
- Finally, as good practice all members of the management body should undertake regular training (at least once a year) to ensure that individual members possess sufficiently up-to-date knowledge and skills to allow them to understand and assess a bank’s business and its main ICT and security risks. As DORA will also contain a similar requirement to organise regular training, supervised banks are encouraged to consider organising such training for their board members as soon as 2024.
The new policy for assessing board members’ knowledge and experience in the area of ICT and security risks will apply as of 1 March 2024 and it emphasises the importance of sound internal governance arrangements for supervised banks.
