Recomendation D / IT Requirements

Recomendation D / IT Requirements

Polish Financial Supervision Authority Recommendation D / IT Requirements implementation and oversight.

PFSA Recommendation D / IT Requirements implementation and oversight.

Banking regulator, Polish Financial Supervision Authority (KNF/PFSA), and previously General Inspectorate of Banking Supervision (GINB), recognizes the big impact IT has on Bank’s performance. Recognizing the importance of IT, since 1997 the Regulator has presented guidelines for banks in a special way via Recommendation D, which covered various aspects of risk management associated with IT systems. With each new version, Recommendation D has evolved placing emphasis on different issues connected with information systems. The draft Recommendation D dated 2013 prepared by Polish Financial Supervision Authority is a significant change in the Authority’s approach to information technology engaging in requirements fulfilling not only IT but also business, legal and internal audit departments.

The significance of IT services and information systems in a modern financial institution such as Bank, Insurance Association PTE, TFI and others is indisputable and continues to grow over the years. The position of IT services is mostly the outcome of how the modern financial organizations are dependent on IT tools which support the ongoing implementation of processes. Nowadays, without the automatization of proccesses of information systems the organization could not carry out its core business activity.

The Financial Supervision Commission which serves as the financial sector regulator, sees the enormous impact of IT sector on the organization's functionality. Through the Revised Recommendation D / IT guidelines, the regulator presents to the financial institutions the guidelines on managing risks associated with information systems. The Revised Recommendation / IT guidelines introduced new and significantly changed requirements in the area related to the information processing, giving the institutions just two years for its full implementation. 


Before taking any actions that address the requirements of the Financial Supervision Commission, it is important to keep in mind that implementing the Recommendation D:

  • Is not only the IT service obligation, but also the whole Organization such as Bank, TU, PTE or TFI
  • Should be based on the principal of proportionality as well as on the results of risk analysis.


Based on the KPMG experience, the biggest challenge for the institution will be to ensure the compliance with the following recommendations:

  • Managing the data quality (Recommendation 8)
  • Managing the access rights to IT systems in accordance with the Segregation of Duties (Recommendations 5 and 11)
  • Managing the end-user software, Recommendation 17
  • Managing the security breach incidents (Recommendation 20)
  • Scheduled and independent audits of the IT environment (Recommendation 22).

Due to the huge complexity of the recommendation D requirements and the short period of time remaining for its full implementation, the institutions should take immediate actions in this area. The KPMG support will allow you to complete these tasks in a pragmatic, time and cost efficient way.


Potential benefits for the client:

  • The independent defining/ confirming the degree of compliance with the requirements of recommendation D by the institution
  • Rapid and resourceful gap identification between the current situation and the requirements defined by the Regulator
  • The use of rich experience and interdisciplinary KPMG team in terms of planning and implementing the remedial actions in accordance with the principle of proportionality defined by the Regulator
  • Properly designed control environment in the areas covered by the recommendation.


Connect with us