The FSA’s investigation, covering the period from 2022 to 2023, revealed that S-Bank’s operational risk management was lacking. Specifically, the bank failed to maintain a secure information system and effective deviation management procedures. Moreover, it lacked adequate methods to identify, assess, and control operational risks, particularly in relation to outsourcing risks. The investigation focused on the bank’s organization of security and IT risks.
In Finland, the emphasis on digital security for banking services has increased, especially with the transition to online and mobile banking. The geopolitical climate has highlighted the necessity for stringent management of digital services, and in 2025, monitoring IT and cybersecurity risks will be a priority for the FSA, according to its director, Tero Kurenmaa.
The imposed fine reflects a comprehensive evaluation considering various factors, such as the severity and duration of the negligence and any prior infractions by the bank in financial market regulations. Notably, S-Bank’s efforts to prevent future negligence and its cooperation with the FSA during the investigation were factored in, potentially resulting in a reduced penalty.
S-Bank has the right to contest the FSA’s decision in the Helsinki Administrative Court within 30 days of receiving the notice. The aim of the decision and further details are accessible via the FSA’s online services.
For additional inquiries, interested parties can reach out to Janne Häyrynen, Head of the Legal Unit, or Jussi Terho, Manager of Payment Services and System Monitoring, through the Communications Media Emergency Services during business hours.
Enlace de la fuente, haz clic para tener más información