The Basel Committee on Banking Supervision has published a report setting out observed information and communication technology risk management practices across jurisdictions for handling non-malicious ICT incidents at banks. The report places ICT within operational risk management and operational resilience, focusing on incidents that affect the delivery of critical operations and services. The range of practices report identifies, describes and compares bank practices alongside regulatory and supervisory approaches across jurisdictions. It complements the Committee's earlier cyber resilience work by concentrating on non-malicious ICT incidents rather than malicious cyber events, and is intended to provide reference points that banks and supervisory authorities can use to adapt ICT risk management arrangements to their own circumstances. The Committee will continue to monitor developments in the digitalisation of finance and financial technology from a prudential perspective and exchange supervisory insights, including on artificial intelligence models and the implications for banks' cyber security.
Bank for International Settlements2026-06-02
Basel Committee on Banking Supervision publishes ICT risk management practices report focused on non-malicious incidents
The Basel Committee on Banking Supervision has published a report on information and communication technology risk management for non-malicious ICT incidents at banks, positioning these within operational risk and resilience. The report compares bank, regulatory and supervisory practices across jurisdictions and complements the Committee’s earlier cyber resilience work. The Committee will continue to monitor digitalisation and financial technology developments, including artificial intelligence models and their implications for banks’ cyber security.