The Basel Committee on Banking Supervision used its May 19-20 meeting in Basel to sketch the next batch of supervisory work: stronger practical guidance on ICT incidents, a narrower review of banks' crypto-asset exposures, and possible targeted revisions to liquidity-risk principles. That mix matters because it puts technology resilience, digital-asset risk and old-fashioned funding discipline in the same supervisory conversation.
The committee said it had agreed to publish a report that organises jurisdictions' practices for responding to non-malicious ICT incidents. It described ICT risk management as a core part of operational-risk management and said banks' operational resilience is becoming more important as technology changes and digitalisation deepen. Alongside that, members said work is advancing on a targeted review of prudential standards for crypto-asset exposures, while targeted revisions to liquidity principles are under consideration.
The backdrop was not a claim that the banking system is wobbling. Members said the global banking system remains resilient, supported by strong capital and liquidity. But they also said uncertainty around the economic outlook has risen with higher geopolitical tension, including conflict in the Middle East, and warned that inflation pressures, supply-chain disruption and spillover effects in sectors such as energy and agriculture could still test that resilience.
Two other watchpoints stand out for bank risk and compliance teams. On non-bank financial intermediation, including private credit, the committee said banks' direct exposures appear restrained overall, but indirect exposures and interconnectedness remain important issues, prompting calls for further supervisory scrutiny and continued cross-border information sharing. On AI, members said frontier models could help banks and supervisors identify cyber vulnerabilities and strengthen defences, but misuse could materially change the speed and scale of cyber incidents.
For business readers, the message is less about a single new rule than about the queue of issues supervisors want to work through next. Banks should expect more attention on operational resilience, crypto prudential treatment, liquidity principles, private-credit links and AI-enabled cyber risk. But this was a meeting summary, not a final rule set, and the committee did not attach a binding timetable to any future change.