Report on the Danish FSA’s IT-supervision

13-05-2024

Report no. 14/2023

The purpose of the study is to assess whether the FSA has conducted its supervision of the IT security of the financial sector in a satisfactory manner. The report answers the following questions: 

  • Has the FSA organised the IT supervision in a satisfactory manner?
  • Has the FSA conducted the IT supervision in a satisfactory manner?
  • Has the FSA supported the effectiveness of the IT supervision? 

It is Rigsrevisionen’s assessment that the FSA’s supervision of the IT security of financial institutions is not satisfactory. This entails a risk that the institutions’ IT security is inadequate to prevent IT security breaches that could harm their clients and society. 

Rigsrevisionen initiated the study in April 2023 upon a request from the Danish Public Accounts Committee.

Read the introduction and conclusion (PDF)