Core supervision principles
In its Vision on Supervision 2025 – 2028, DNB first emphasises the core of its supervisory practice. DNB’s prudential supervision focuses on the solidity of financial institutions and the stability of the financial system, whilst its integrity supervision focuses on a sound financial sector. DNB prioritises its supervisory efforts on areas where the greatest risks are signalled; as a result, the intensity of DNB’s supervision of financial institutions may increase where certain risks may have a larger impact on trust in the financial system.
With an eye on the future of its supervision, DNB anticipates new developments that may affect the financial sector. DNB considers it relevant to make sure that its supervisory tools are fit for new developments, and encourages the financial sector to address risks arising from new developments itself. In that respect, DNB also deems it desirable to enter into a dialogue with the financial sector and social organisations, for instance on standards and legislation that are still being developed.
Focus areas of supervision
As mentioned above, DNB has identified three main focus areas for its supervision, namely (i) geopolitical developments, (ii) technological innovation, and (iii) cyber resilience. In this section, we discuss these focus areas in more detail.
Geopolitical developments
Firstly, DNB warns of increasing geopolitical tensions and their potential impact on financial institutions. Among other things, institutions face risks from exposure to companies vulnerable to disruptions in global supply chains and from investments in potentially unstable jurisdictions. Furthermore, financial institutions may also experience deliberate digital or physical disruptions in their business operations or those of their most important suppliers. In that sense, geopolitical tensions give rise to potential risks (e.g. inflation, credit, market, liquidity and operational) to which financial institutions are exposed. Therefore, DNB aims to ensure that institutions proactively identify and manage geopolitical risks. In addition, DNB considers it relevant that the public and private sectors collaborate to enhance resilience against these risks, and that financial institutions establish effective risk management and implement preventive measures to ensure their business continuity.
Technological innovation
DNB supports innovation while ensuring that risks associated with new technologies are adequately managed. In this light, DNB considers it relevant that financial institutions are agile in a rapidly changing landscape influenced by various external factors, as insufficient agility in this respect can negatively affect the institution’s stability and business continuity. Whilst DNB wishes to accommodate innovation in the financial sector, such as distributed ledger technology, Open Finance and the use of AI, this should be done within the boundaries of current legislation. Furthermore, DNB expects that the risks of innovative developments can be adequately monitored on the basis of the EU AI Act, the Markets in Crypto-Assets Regulation (MiCAR) and, if adopted, the Financial Data Access regulation (FIDA).
Please refer to our earlier news updates regarding the AI Act, MiCAR and FIDA.
Cyber resilience
According to DNB, with digitalisation, longer outsourcing chains, interconnectedness and a more complex IT landscape, financial institutions are more exposed to cyber risks than ever. DNB will further enhance its attention to the cyber resilience of financial institutions, thereby also focusing on compliance with the Digital Operational Resilience Act (DORA). Furthermore, DNB stresses that institutions remain responsible for risks and compliance throughout their outsourcing chains. The concentration of ICT services among a few providers can lead to widespread issues affecting financial stability. Institutions are encouraged to conduct regular tests and cyber crisis exercises to identify strengths and weaknesses in their defences and to improve recovery processes post-attack. DNB will continue to monitor and support institutions in strengthening their defences against cyber threats.
Please refer to our earlier news updates on DORA and the regulatory technical standards under DORA in relation to IT incidents.
Integration into regular supervision
DNB stresses that financial institutions have an essential gatekeeper function in preventing and combatting money laundering and terrorism financing. For the coming years, DNB expresses its expectation that financial institutions will base the performance of their gatekeeper role on a sharp risk-based approach, thereby tailoring customer due diligence to the specific risks that a customer, business relationship, product or transaction poses with regard to money laundering or the financing of terrorism. Furthermore, in a European context DNB will be contributing to effectively combatting financial-economic crime by working closely together with the newly established European Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA).
With regard to sustainability risks, DNB acknowledges that many financial institutions have identified climate and environmental risks and prepared action plans in this regard. However, DNB stresses that these plans must be concretised and implemented, as non-compliance with action plans could give rise to legal, reputational and other prudential risks. Furthermore, sustainability risks are increasingly embedded in specific regulations. For example, pursuant to new European rules, banks and insurers are obliged to create transition plans with measurable goals, and pension funds must include the assessment of ESG-related risks in the investment portfolio part of their business operations. Additionally, financial institutions must comply with European regulations regarding sustainability reporting (e.g. Sustainable Finance Disclosure Regulation (SFDR) and Corporate Sustainability Reporting Directive (CSRD)).
Finally, DNB acknowledges that it is challenging for leadership to anticipate new developments and adjust organizational practices effectively and sustainably. According to DNB, governance is not just about organizational structure but also about practical functioning, reflected in behaviour. In its supervision, DNB will therefore pay attention to the relationship between governance and behaviour, and findings in other areas of its supervision.
Conclusion
In conclusion, for the coming years DNB’s supervision of the financial sector will focus on (i) geopolitical developments, (ii) technological innovation, and (iii) cyber resilience. This is reflected in (among other things) the supervision of compliance with new regulations, such as MiCAR, FIDA and DORA, but also with expectations and obligations raised by financial institutions in this regard.