2022-12-21

Guidelines for the Appropriate Management of Information System Risks by Supervised Entities

The Croatian Financial Services Supervisory Agency (HANFA) issued these Guidelines to establish a systematic framework for identifying, assessing, and mitigating information system risks across supervised financial entities. The document mandates that management boards and designated officers implement continuous risk identification, threat evaluation, and proportional control measures covering organizational structure, human resources, IT maintenance, and application development. By aligning IS risk management with core business objectives and regulatory compliance, supervised entities must reduce operational vulnerabilities through avoidance, reduction, acceptance, or transfer strategies while ensuring data confidentiality, integrity, and availability.

Croatia

Croatian Financial Services Supervisory Agency
