The purpose of the study is to assess whether the FSA has conducted its supervision of the IT security of the financial sector in a satisfactory manner. The report answers the following questions:
- Has the FSA organised the IT supervision in a satisfactory manner?
- Has the FSA conducted the IT supervision in a satisfactory manner?
- Has the FSA supported the effectiveness of the IT supervision?
It is Rigsrevisionen’s assessment that the FSA’s supervision of the IT security of financial institutions is not satisfactory. This entails a risk that the institutions’ IT security is inadequate to prevent IT security breaches that could harm their clients and society.
Rigsrevisionen initiated the study in April 2023 upon a request from the Danish Public Accounts Committee.
Read the introduction and conclusion (PDF)