A Joint Committee report on risks and vulnerabilities in the EU financial system has highlighted the threats posed by emerging technologies including blockchain or distributed ledger technology.

Published by the Joint Committee of the European Supervisory Authorities, focuses on continued challenges emanating from low profitability, valuation risk, and interconnectedness within the financial system. In addition, it also highlights increasing challenges posed by rapid advances in information and communication technologies (ICT), including cyber risks.

The report noted the rising operational risks related to ICT across the financial sector. It said that as the European financial institutions are embracing the potential of ICT to bring innovation, improve consumer experience, and reduce costs, they are increasing their dependence on IT platforms and telecommunication networks.

“Financial institutions face difficulties to cope with the threat of intruders gaining unauthorised access to their critical systems and data. The sophistication of such attacks is well illustrated by recent hackings of banking payment systems (e.g. attacks on the SWIFT system) and online account thefts. Further heightened supervisory diligence to address these risks is needed”, the report said.

Speaking of cyber threats, the authors said that financial market infrastructures (FMIs) face cyber risk as threats to their business continuity and the integrity of their various kinds of proprietary data.

“Due to the central role of credit rating agencies (CRA), central securities depositories (CSD), trade repositories (TR) and central counterparties (CCP) losses in market confidence and threats to the entire financial system, and in particular derivatives markets, can follow. Finally, the intertwining of FinTech and FMIs, for example through distributed ledger technology (DLT), anchors cyber threats as a long term but rapidly evolving risk for these companies”, the report added.

However, the report said that no detailed policy actions are currently foreseen. It noted that many institutions often lack technology expertise, or are inadequately informed about material ICT risks and technological evolutions.

"Inadequate IT governance can contribute to poor operational management practices and inadequate recovery and resilience solutions," it said. "Supervisors should consider to further assess the resilience of financial institutions to cyber security and ICT risks."