Featured Product

    ESAs Respond to EC Proposal on DORA, Suggest Improvements

    February 09, 2021

    ESAs addressed a letter to certain relevant EU entities expressing views on the EC proposal on the Digital Operational Resilience Act, also called DORA. In the letter, ESAs highlight their agreement with the main principles of DORA, which EC proposed in September 2020, and express support for the establishment of an oversight framework to cover the technology (ICT) services that critical third-party providers offer to the financial sector. ESAs also suggest ways to most efficiently take forward important aspects of the governance and operational processes of the oversight framework for critical third-party providers and the application of the proportionality principle in DORA.

    In their letter, ESAs highlight that the proposed oversight framework is the first concrete initiative to address the complex issue of the dependencies on critical third-party providers in the financial sector, including monitoring third-party concentration risks. ESAs also emphasize the necessity of clearly communicating that the scope of this framework is limited to the provider activities in relation to financial entities. In this context, ESAs discuss the challenges for the governance and operation of the proposed sectoral oversight framework and suggest the following ways to address these challenges:

    • Need for more streamlined and effective governance. ESAs propose that co-legislators should consider a model that permits stronger ESA cooperation through the creation of a joint-ESAs executive body, which would integrate the role of the Oversight Forum and be responsible for the overall oversight work for cross-sectoral critical third-party providers. Necessary powers could be allocated to this executive body by the legislation to enhance its decision-making role and to ensure a unified and harmonized approach across the ESAs. In addition, the legislation could clarify the potential designation of entities providing such services to financial entities across the remit of a single ESA, along with the governance model to be applied in these cases. ESAs also propose that the co-legislators consider establishing a cross-ESAs team to work on the oversight of critical third-party providers.
    • Need for coherence between oversight recommendations and follow-up. The letter proposes far greater involvement for the ESAs in the follow-up process and the introduction of effective enforcement measures at EU level that can be applied directly to the critical third-party providers. Enforcement actions against a third-party provider could be endorsed by competent authorities through the Board of Supervisors of one or more of the ESAs. Moreover, DORA could allow for market transparency tools to strengthen the oversight framework and to encourage these providers to adhere to recommendations.
    • Need for adequate resources. DORA envisages significant new ongoing work. For instance, it proposes ongoing policy-related work in the form of regular reporting and several tasks relating to ICT-related incident reporting, cooperation with structures and authorities established by the NIS Directive, financial cross-sector exercises, communication, and cooperation. Thus, ESAs strongly recommend a significant increase to the allocation of new resources, including more senior roles, for the new ongoing tasks proposed under DORA.
    • Need for a more proportionate DORA. The current DORA proposal excludes only micro-enterprises from the application of certain requirements and does not make any reference to sectoral legislation when defining the financial entities in scope. Given this, ESAs suggested a more comprehensive inclusion of the principle of proportionality in a more flexible way across the legal act.

     

    Related Link: ESAs Letter (PDF)

     

    Keywords: Europe, EU, Banking, Insurance, Securities, DORA, Digital Operational Resilience Act, Third Party Providers, Cyber Risk, Fintech, Operational Risk, Regtech, Cloud Computing, ESAs

    Related Articles
    News

    US Agencies Issue Regulatory Updates, FDIC Launches Tech Sprint

    The Board of Governors of the Federal Reserve System (FED) published the final rule that amends Regulation I to reduce the quarterly reporting burden for member banks by automating the application process for adjusting their subscriptions to the Federal Reserve Bank capital stock, except in the context of mergers.

    January 13, 2022 WebPage Regulatory News
    News

    EBA Issues Guide on Bank Resolvability, Consults on Transferability

    The European Banking Authority (EBA) published its assessment of risks through the quarterly Risk Dashboard and the results of the Autumn edition of the Risk Assessment Questionnaire (RAQ).

    January 13, 2022 WebPage Regulatory News
    News

    HKMA Extends Repayment for Trade Facilities, Consults on Crypto-Assets

    The Hong Kong Monetary Authority (HKMA) published a circular, along with the reporting form and instructions, for self-assessment, by authorized institutions, of compliance with the Code of Banking Practice 2021.

    January 12, 2022 WebPage Regulatory News
    News

    FCA Registers Securitization Repositories; PRA Issues 2022 Priorities

    The Financial Conduct Authority (FCA) decided to register European DataWarehouse Ltd and SecRep Limited as securitization repositories under the UK Securitization Regulation, with effect from January 17, 2022.

    January 12, 2022 WebPage Regulatory News
    News

    EC Regulation Sets Out Methods for Measuring K-Factors Under IFR

    The European Commission (EC) published the Delegated Regulation 2022/25, which supplements the Investment Firms Regulation (IFR or Regulation 2019/2033) with respect to the regulatory technical standards specifying the methods for measuring the K-factors referred to in Article 15 of the IFR.

    January 11, 2022 WebPage Regulatory News
    News

    BIS Studies How Platform Models Impact Financial Stability & Inclusion

    The Bank of International Settlements (BIS) published a paper that assesses the ways in which platform-based business models can affect financial inclusion, competition, financial stability and consumer protection.

    January 10, 2022 WebPage Regulatory News
    News

    ESAs Publish List of Financial Conglomerates for 2021

    The European Supervisory Authorities (ESAs) published the list of identified financial conglomerates for 2021.

    January 07, 2022 WebPage Regulatory News
    News

    APRA Licenses Two More Banks, Reduces Committed Liquidity Facility

    The Australian Prudential Regulation Authority (APRA) updated the list of authorized deposit-taking institutions, granting license to Barclays Bank PLC and Crédit Agricole Corporate and Investment Bank to operate as foreign authorized deposit-taking institutions under the Banking Act 1959.

    January 07, 2022 WebPage Regulatory News
    News

    EU Issues SII Corrigendum; EIOPA Assesses SII Reporting Exemptions

    EU published, in the Official Journal of the European Union, a corrigendum to the Delegated Regulation 2015/35, which supplements Solvency II Directive (2009/138/EC).

    January 06, 2022 WebPage Regulatory News
    News

    EBA Opines on Impact of De-Risking and Associated AML/CFT Challenges

    The European Banking Authority (EBA) published an Opinion on the scale and impact of de-risking in European Union and the steps that competent authorities should take to tackle unwarranted de-risking.

    January 05, 2022 WebPage Regulatory News
    RESULTS 1 - 10 OF 7860