WSBI-ESBG Managing Director Peter Simon appointed EBIC Chair

Peter Simon, WSBI-ESBG Managing Director

Brussels, 18 January 2023 – The EBIC announced today that Peter SIMON was appointed as Chair of the European Banking Industry Committee (EBIC) for a two-year mandate. Peter Simon, Managing Director of the World Savings and Retail Banking Institute – European Savings and Retail Banking Group (WSBI-ESBG), succeeds Wim Mijs, CEO of the European Banking Federation (EBF).

Nina Schindler, CEO of the European Association of Co-operative Banks (EACB), was appointed as the EBIC’s Vice-Chair. The overall secretariat, which rotates along with the chair, will be in the hands of the EBF as of today.

The change comes at a busy time for the EBIC with several critical pieces of legislation under negotiation by the co-legislators (CRR3, CRD6, AMLD6, AMLR, TFR, CCD, DMFSD) and the revision of the Crisis Management Framework (BRRD3) and Mortgage Credit Directive (MCD2) still to come.

Mr Simon said: “I look forward to facilitating, together with the secretariat of the EBF, the dialogue between the EBIC members and to ensure, that this platform channels the united views of the industry as efficiently and effectively as possible. I want to thank my predecessor, Wim Mijs and the secretariat of the EACB, for their work in the past two years and in particular for bringing together the EBIC associations on the topic of COVID and its consequence on society and banks.”

Established in 2004, EBIC is committed to giving the EU banking sector a common voice within the context of the Union’s legislative initiatives in finance and banking, maintaining an open and fruitful dialogue with the EU institutions and international bodies. As an advisory committee that is regularly called upon to provide expertise, EBIC is also a forum for the European banking industry’s representatives. Throughout the drafting, adoption, implementation, and enforcement process of financial legislation, EBIC ensures a representative and sound industry contribution toward better regulation across the EU.

Click to access the Press Release

Press contact: Nihan Cevirgen
Communications Manager
Tel. +32 2211 1190

Captions Picture 2: From Left to Right: Nina Schindler, CEO of the European Association of Co-operative Banks | Peter Simon, WSBI-ESBG Managing Director | Wim Mijs, CEO of the European Banking Federation


The very real challenge of cybersecurity and how to face it



Criminals do not rob banks gun in hand and wearing masks anymore, in the way old films show, but they still break into banks. How? Hiding behind their computer screens and covering their digital tracks.

By Janine Barten

Cyber-attack risks increased over the past years, resulting in cybersecurity and digital operational resilience being a top priority for banks all over the globe. Most banks are prone to cyberattacks now customers are relying more and more on digital channels and electronic banking to perform their daily transactions. The risks that the banking sector faces are multiplied by the large number of users involved – and the lack of control banks have over the behavior of these users. That is why financial institutions are significantly investing in cybersecurity strategies, to remain one step ahead of cybercriminals.

The gap between cybersecurity and business needs

Despite all the security measures taken, banks continue to face certain challenges to protect their systems, their customers and their data, and their financial holdings. Ransomware and phishing attacks remain a common issue and are also getting more disruptive. Cybersecurity awareness is improving, however, especially as more ransomware attacks get publicized in the media. But as time progresses, the level of complexity increases. IT systems and software are getting increasingly interconnected and more complex in general – and so must be the cybersecurity measures that are put in place to protect banks and their customers.

One of the main issues is bridging the gap between cybersecurity and business needs. Good cybersecurity means adapting to the business needs. Philipp Schaefer, Cyber Risk Expert and Peter Mikeska, Cyber Security Expert at Erste Bank Group, highlighted the organisational challenges banks are dealing with: “As savings banks find themselves in an environment of ever-increasing cyber threats, the heterogenic nature of how saving banks are organised provides challenges for a sound response to sudden cyber challenges. Swift communication lines among saving banks and towards their ICT are key for identifying threats quickly and allow partner banks to benefit from individual discoveries immediately”, the experts said in a written statement.

“In addition, as costs for protective and anticipatory measures towards cyber threats increase, a unified approach towards cyber threats and its communication becomes necessary to allow the individual savings bank to keep its cost at bay while also benefitting from a state-of-the-art level of know-how and protection”, the statement continued. “However, this doesn’t come without caveats, as savings banks would need to surrender some of their direct control over part of their business to a centralised entity consolidating the ICT efforts, making it both a challenge and chance for the savings banks.” The shortage of cybersecurity professionals to handle all these aspects remains a considerable challenge as well.

Initiatives on European level

“You no longer need armies and missiles to cause mass damage. You can paralyse industrial plants, city administrations and hospitals – all you need is your laptop. You can disrupt entire elections with a smartphone and an internet connection”. These are the words of Ursula von der Leyen, President of the European Commission, used in her State of the Union Address in September 2021 to underline the growing importance of cybersecurity and call for stronger measures to address cyber threats.

Similar to banks, the European Union is also taking steps in the field of cybersecurity. Following up on its path to the digital decade to deliver on the Union’s digital transformation by 2030, the Cybersecurity Act entered into force in 2021, defining the tasks of the European Union Agency for Cybersecurity (ENISA), the European watchdog for cybersecurity.

In May 2022, the Council and the Parliament reached provisional agreement on the revision of the Directive on Security of Network and Information Systems, better known as the NIS2 Directive, to further improve the resilience and incident response capacities of both the public and private sector. Political agreement was also reached on the Digital Operational Resilience Act (DORA), the lex specialis of the NIS2 Directive for the financial sector. Banks, stock exchanges, clearinghouses, as well as FinTechs, will have to respect strict standards to prevent and limit the impact of ICT-related incidents.

Additionally, the Commission published the proposal for the Cyber Resilience Act in September 2022, which aims at establishing common cybersecurity standards for digital products and associated services that are placed on the European market.

The road ahead: Education and innovation

All these regulatory initiatives can certainly set requirements to be put on actors like banks, however, at the end of the day, the weakest links are usually humans – be they bank employees or bank customers. Continuous education is required to keep them aware of possible cyber threats.

On that note, CaixaBank offers their customers and employees extensive cybersecurity awareness programs and content in matters relating to cybersecurity through their Security space, a section on their website specifically dedicated to a secure online experience for customers. The website contains tips and advice on how to use products and services securely and reliably. Next to initiatives like the CaixaBankProtect News newsletter, CaixaBank has also set up a podcast featuring fraud victims, in which they touch upon a variety of topics such as fraudulent messages, how to manage passwords, secure online shopping, and antivirus software for your mobile phone.

Technological initiatives are important as well, as Philipp Schaefer and Peter Mikeska explain: “Focal point at Erste for online banking and communication with the customer is the platform George. Here, all data flows are monitored and permanently analysed towards anomalies. Should threats be discovered, an immediate response is initiated by blocking harmful actions and the affected customer will be contacted and informed. In case of a significant uprise of a threat, each customer entering our platform will be briefed and needs to confirm the message to proceed. The smartphone application of George can also discover if harmful code from other applications tries to gain access. Lastly, multifactor authorisation protects our customers from further threats.”

Despite the cyber threat constantly being present, there is also room for optimism. The fast development of cyber threats and both European and national regulation to address those threats will push banks to innovation. In addition, strong cybersecurity measures could lead to increased consumer trust. As Ursula von der Leyen stated in her State of Union Address: “We should not just be satisfied to address the cyber threat, but also strive to become a leader in cybersecurity”.

Criminals will always be on the watch out for the weakest link. WSBI-ESBG members stand ready to counter this challenge and enhance the security of both their customers and the society at large.

Janine Barten is WSBI-ESBG adviser with expertise on digital finance and innovation.

Meet the Innovation and Payments Team

A shortened version of this article awas published in WSBI-ESBG’s Financial News and Views December 2022 Edition on PAGE 5

Click to access the Article

WSBI brochure cover

WSBI Brochure 2022






ESBG’s letter to the Commission on the EBA RTS and GL on interest rate risk in the banking book

On 20 December 2022, ESBG sent a letter to the European Commission about the draft EBA Regulatory Technical Standards (RTS) on interest rate risks for banking book (IRRBB) supervisory outlier tests (SOT) and EBA Guidelines on IRRBB and credit spread risk in the banking book (CSRBB).

Whilst we support a revision of the framework capturing interest rate risks for banking book positions, we also believe that the 2,5% SOT threshold for the definition of “large decline” in net interest income (NII) suggested by the EBA is not appropriate as it was calibrated in a low interest rate environment. We therefore suggested that the EBA continues monitoring the normalisation of the monetary policy and only re-calibrates the threshold at a later stage more in line with current market conditions. Furthermore, we pointed out that the relative quantitative impact study was performed at consolidated level and only with a small number of large banks, which makes the calibration of the threshold even less appropriate.

Furthermore, in order to avoid different interpretations and ensure a level playing field, we stressed in relation to the EBA GL on IRRBB and CSRBB that non-marketable instruments, e. g. loans to customers, should be generally exempted from the scope of the CRSBB framework. The value of these instrument is not exposed to market fluctuations, moreover they are already covered through banks’ credit risk management processes.

The European Commission is currently reviewing the EBA RTS on IRRB SOT and is allowed to propose amendments to the text, which would eventually need to be assessed by the EBA. The Commission aims to publish the final RTS around mid-2023. For what concerns the EBA GL on IRRBB & CSRBB, the Commission cannot propose amendments but may suggest a revision to the EBA.

Looking ahead, ESBG will continue to remain engaged with the Commission during the review process.

Read the Full Letter



ESBG responds to the ESAs call for evidence on greenwashing

The European Supervisory Authorities (ESMA, EBA, EIOPA) received a request for input from the Commission relating to greenwashing risks and supervision of sustainable finance policies. Therefore, they asked for input on potential greenwashing practices in the EU financial sector. On 10 January 2023, ESBG provided the ESAs with its contribution.

ESBG welcomes this call for evidence since greenwashing is an issue which must be tackled at the EU-level and would like to recall that banks and savings banks are intensively dedicated to the traceability, transparency and credibility of the sustainability features they have to consider in investment advice and financial portfolio management. The EU Taxonomy, the Sustainable Finance Disclosure Regulation (SFDR) and the Markets in Financial Instruments Directive (MiFID II) already aims at tackling greenwashing.

Nonetheless, ESBG regrets that these different regulations are currently based on a different understanding of greenwashing. The existence of a large amount of complex ESG information and data that needs to be provided to investors and clients can also create a perverse effect through an information overload which can facilitate greenwashing.

Therefore, in the interest of customers, banks, saving banks and issuers of financial products, ESBG assesses that there is an urgent need for a harmonization of the understanding of greenwashing within the framework of European legislations and supervisory practices. ESBG believes that it could be achieved through the following steps:

  • First, there is a need to strengthen transparency through a consistent enforcement of existing EU regulations’ requirements.
  • Then, a clear and scientifically comprehensible, as well as uniform legal definitions of both sustainability and greenwashing for financial instruments must be implemented, keeping in mind the need for practicality and feasibility for banks and saving banks when implementing these requirements.


ESBG provides input on technical negotiations of the Artificial Intelligence Act

In Q4 of 2022, ESBG staff was invited to three stakeholder info sessions on the technical negotiations on the Artificial Intelligence Act, organized by the offices of MEP Voss (EPP, LIBE Shadow/JURI Opinion), MEP Clune (EPP, LIBE Shadow), and MEP Maydell (EPP, ITRE Opinion). During these info sessions, stakeholders were updated about the articles discussed during the technical meetings that took place in the Parliament and invited to provide concrete input on concrete issues.

The definition of AI remains a highly debated issue. According to ESBG members, the proposed definition is currently too broad. ESBG members argued for a narrow scope, since a scope that is too broad could potentially include more traditional software systems that should not fall under the scope of the proposal The definition of AI needs to take into account the different levels of autonomy and explainability of the system, as well as the level of control and human participation. Furthermore, it must contain the ability to learn and reason as central element.
Stakeholders were also asked for concrete examples of overlap with other pieces of legislation, also of sector-specific legislation. ESBG pointed out a number of articles where overlap with other legislation, notably the GDPR exists. There has also been discussion on the high-risk classification, extraterritorial applications, cooperation mechanisms, and access to data. Therefore, ESBG provided input on those matters as well.


Crypto-asset Activities: WSBI-ESBG calls for a more consistent regulatory approach

The Financial Stability Board (FSB) which is an international body that monitors and makes recommendations about the global financial system published a proposed framework for International Regulation of Crypto-asset Activities on 11 October 2022. The said framework sets out a) the key issues and challenges in developing a comprehensive and consistent regulatory approach that captures all types of crypto-asset activities that could rise to financial stability risks; b) policy initiatives at the jurisdictional and international levels; c) the FSB’s proposed approach for establishing a comprehensive framework.

The FSB  reports that crypto-assets and markets must be subject to effective regulation and oversight commensurate with the risks they pose. Crypto-asset markets are fast evolving and could reach a point where they represent a threat to global financial stability due to their scale, structural vulnerabilities and increasing interconnectedness with the traditional financial system.

WSBI-ESBG, for its part, welcomed the initiative of addressing the above-mentioned crucial issues and replied to the call for feedback on this consultative document on a proposed framework for International Regulation of Crypto-asset Activities, in particular calling for a more measured regulatory approach between the several players (i.e.; financial institutions, issuers, and providers of crypto assets) and for consistency between regulations and requirements applicable to traditional finance and crypto-based finance.

Finally, members underlined the importance of having a clear and dynamic regulatory approach to avoid confusion on the categorization of crypto-assets (i.e.; stablecoins, global stablecoins, digital assets), and the need for a higher consistency between local and international regulations.


WSBI-ESGB members call for aligned approach between regulatory bodies on Cyber incident reporting

On 17 October 2022, the Financial Stability Board (FSB) published a consultative document on Achieving Greater Convergence in Cyber Incident Reporting (CIR). In parallel, the FSB invited feedback on this document. Back in 2021, the FSB already published a report on CIR. The report set out three ways the FSB would take work forward to achieve greater convergence in cyber incident reporting: developing best practices, creating common terminologies for CIR, and identifying common types of information to be shared across jurisdictions and sectors.

To inform on its work, the FSB conducted a survey amongst FSB members to identify the most common reporting objectives and types of reporting performed; understanding the practical issues financial authorities and financial institutions have in collecting or using incident information; identifying the information items authorities collect to meet the common reporting objectives, including a review of existing incident reporting templates; and exploring the mechanisms for financial authorities to share incident information across borders and sectors.

Drawing on the survey findings, the FSB has set out recommendations to address impediments to achieving greater convergence in CIR with a view to promote better practices. This work also helped to inform refinements to the Cyber Lexicon, which resulted in the addition of four terms and revision of three definitions. The FSB also reviewed financial authorities’ incident reporting templates and identified commonalities in the information collected. Leveraging on this work, the FSB presented a concept for a format for incident reporting exchange (FIRE) to promote convergence, address operational challenges arising from reporting to multiple authorities and foster better communication.

In the face of the above mentioned initiative, WSBI-ESBG replied to the call for feedback on this consultative document on cyber incident reporting, in particular calling for a harmonised reporting approach between different regulatory bodies, processes, and data requests. In terms of promoting greater convergence in CIR, financial authorities could offer tools and platforms that minimize operational issues for reporting of incidents.
Finally, members underlined the importance of having clear definitions to avoid confusion and to differentiate between the terms ‘cyber incident’ and the subcategory thereof of ‘cybersecurity incident’.


Financial News & Views: December 2022 Edition



• New year message from WSBI-ESBG Managing Director (Page 2)
• WSBI’s president interview with The Banker (Page 3)
• World Savings Day 2022 (Page 3)
• The internal cards market in Europe from 2002 to 2020 (Page 4)
• A Female approach to financial education (Page 5)
• The very real challenge of cybersecurity and how to face it (Page 5)
• The 28th African Regional Group Meeting in Cape Verde (Page 6)
• ESBG welcomes Deputy Governor of the National Bank of Ukraine (Page 6)
• CMDI framework review: An evolution rather than a revolution (Page 7)
• Scale2Save: What a journey it has been! (Page 8)


More publications

Joint Industry letter on the importance of advice and preserving the commission-based model

ESBG toghether with EFAMA, EBF, Insurance Europe, EACB, EAPB and EUSIPA, issued a public letter addressed to Vice-President Dombrovskis, Commissioners McGuinness and Director-General Berrigan, remarking the importance of advice for European retail investors and the need to maintain the coexistence of fee-based and commission-based advice

Joint Industry Letter