The Basel Committee on Banking Supervision came out of its May 19 and 20 meeting with one clearly approved output and two files still very much in motion. It agreed to publish a report on ICT risk management, said a targeted review of prudential standards for banks' crypto-asset exposures had advanced, and said it is considering targeted revisions to liquidity-risk principles.
For banks, that wording matters. The committee said it had agreed to publish the ICT report, but only advanced the crypto review and is considering changes to liquidity principles. In other words, one document is ready to read, while the other two remain live supervisory work rather than settled change.
One item is concrete now
The agreed publication is a report that organizes ICT risk-management practices across jurisdictions in dealing with non-malicious ICT incidents. The committee described ICT as an important component of operational-risk management and said banks' operational resilience to ICT incidents is becoming more important as technology environments change and digitalization deepens. That makes this more than a technical housekeeping note. It is a reminder that resilience is now being treated as a mainstream risk-management task, not just something parked with the IT department.
Two other workstreams are still open
On crypto assets, the committee said only that it had progressed a targeted review of prudential standards for banks' exposures. On liquidity, it said it is considering targeted revisions to liquidity-risk principles. The published meeting output does not spell out the specific changes under review, so readers should resist the temptation to fill in the blanks with their favorite regulatory anxiety of the week.
The broader backdrop was cautious rather than alarmist. Members said the global banking system remains resilient, supported by strong capital and liquidity, but warned that rising tensions, including conflict in the Middle East, are increasing uncertainty around the economic outlook. They also pointed to possible second- and third-round effects from inflation pressure, supply-chain disruption and stress in sectors such as energy and agriculture. On non-bank finance, including private credit, the committee said banks' direct exposures appear contained overall, but indirect exposures and interconnections still merit close attention, along with continued cross-border information sharing and better data collection work by the Financial Stability Board.
Why banks should watch
The other notable watchpoint was AI and cybersecurity. The committee said frontier AI models could help banks and supervisors identify cyber vulnerabilities and strengthen defenses, but could also materially change the speed and scale of cyber incidents if misused. That leaves a fairly clear read-through: operational resilience is getting immediate airtime, while crypto exposures, liquidity principles and AI-related cyber risk remain active parts of the supervisory agenda.
One caveat deserves to sit in plain view. The FSA page carrying this material says it is machine translated and may not be fully accurate, and the supplied source text cuts off before any fuller detail on the ICT report itself. So the safest public reading is the committee's direction of travel, not imagined fine print that the published summary does not actually provide.