EC Updates Address Rules on Digital Platforms, Cyber Risk, and CMDI
The European Commission (EC) adopted a proposal to adjust and further strengthen the existing bank crisis management and deposit insurance (CMDI) framework for medium-size and smaller banks and a proposal for the Cyber Solidarity Act to strengthen cybersecurity capacities in the European Union (EU). The regulator also designated 17 entities as Very Large Online Platforms, or VLOPs, and 2 entities as Very Large Online Search Engines, or VLOSEs, based on the user data the platforms had to publish by February 17, 2023 under the Digital Services Act and issued rules for digital gatekeepers to ensure open markets under the Digital Markets Act.
Crisis Management and Deposit Insurance Framework. The proposal on reforms to the bank crisis management and deposit insurance will enable authorities to organize the orderly market exit for a failing bank of any size and business model, with a broad range of tools. It will facilitate the use of industry-funded safety nets to shield depositors in banking crises, such as by transferring them from an ailing bank to a healthy one. Such use of safety nets must only be a complement to the banks' internal loss absorption capacity, which remains the first line of defense. The proposal is intended to:
- facilitate the use of deposit guarantee schemes in crisis situations to shield depositors (natural persons, businesses, public entities, etc.) from bearing losses, where this is necessary to avoid contagion to other banks and negative effects on the community and the economy.
- protect taxpayers that do not have to step in to preserve financial stability by relying on industry-funded safety nets (such as deposit guarantee schemes and resolution funds).
- shield the real economy from the impact of bank failure. The proposed rules will allow authorities to fully exploit the many advantages of resolution as a key component of the crisis management toolbox.
- harmonize further the standards of depositor protection across the European Union. The new framework extends depositor protection to public entities as well as client money deposited in certain types of client funds (that is, by investment companies, payment institutions, e-money institutions). The proposal includes additional measures to harmonize the protection of temporary high balances on bank accounts in excess of EUR 100,000 linked to specific life events (such as inheritance or insurance indemnities).
Digital Services Act. EC adopted the first designation decisions under the Digital Services Act to designate 17 entities as Very Large Online Platforms and 2 entities as Very Large Online Search Engines. The designated entities will now have to comply, within four months, with the full set of new obligations under the Digital Services Act. The designated platforms and search engines need to adapt their systems, resources, and processes for compliance, set up an independent system of compliance, and carry out, and report to EC, their first annual risk assessment. Platforms will have to identify, analyze, and mitigate a wide array of systemic risks ranging from how illegal content and disinformation can be amplified on their services, to the impact on the freedom of expression and media freedom. The Digital Services Act will be enforced through a pan-European supervisory architecture, working in close cooperation with the Digital Services Coordinators in the supervisory framework established by the Digital Services Act. Moreover, EC is consulting, until May 25, 2023, on the provisions in the Digital Services Act related to data access for researchers to better monitor platform providers' actions to tackle illegal content and conduct research on systemic risks in the European Union. In another development, EC seeks views on draft rules on how independent audits should be conducted under the Digital Services Act for Very Large Online Platforms and Very Large Online Search Engines, with the comment period ending on June 02, 2023. The draft rules provide the main principles that auditors should apply when selecting auditing methodologies and procedures and provides further specifications for auditing Very Large Online Platforms' and Very Large Online Search Engines' compliance with risk management and crisis response obligations. EC intends to adopt the rules before the end of 2023.
Digital Markets Act. As of May 02, 2023, the rules for digital gatekeepers to ensure open markets start to apply. The potential gatekeepers that meet the quantitative thresholds established have until July 03, 2023 to notify their core platform services to EC. EC will then have 45 working days (until September 06, 2023) to decide whether the company meets the thresholds and to designate gatekeepers. Following their designation, gatekeepers will have six months (that is, until March 06, 2024) to comply with the requirements in the Digital Markets Act. The Digital Markets Act defines gatekeepers as those large online platforms that provide an important gateway between business users and consumers, whose position can grant them the power to act as a private rule maker, and thus create a bottleneck in the digital economy. The Digital Markets Act defines a series of obligations that gatekeepers will need to respect, including prohibiting them from engaging in certain behaviors in a list of dos and don'ts.
EU Cyber Solidarity Act. The proposed regulation on the Cyber Solidarity Act will support detection and awareness of cybersecurity threats and incidents, bolster preparedness of critical entities, and reinforce solidarity, concerted crisis management, and response capabilities across member states. The Cyber Solidarity Act will strengthen solidarity at EU level to better detect, prepare for, and respond to significant or large-scale cybersecurity incidents, by creating a European Cybersecurity Shield and a comprehensive Cyber Emergency Mechanism. EC proposed the establishment of a European Cyber Shield, which is a pan-European infrastructure of national and cross-border Security Operations Centers across EU. These centers are tasked with detecting and acting on cyber threats quickly and effectively and could be operational by early 2024. The Cyber Solidarity Act also includes the creation of a Cyber Emergency Mechanism to increase preparedness and enhance incident response capabilities in EU. Additionally, EC proposed a targeted amendment to the Cybersecurity Act, to enable the future adoption of European certification schemes for managed security services.
Related Links
Keywords: Europe, EU, Banking, Crisis Management, Deposit Insurance, Digital Services Act, Digital Markets Act, Regtech, Basel, Cyber Risk, Resolution Framework, EC
Featured Experts
María Cañamero
Skilled market researcher; growth strategist; successful go-to-market campaign developer
Nicolas Degruson
Works with financial institutions, regulatory experts, business analysts, product managers, and software engineers to drive regulatory solutions across the globe.
Patrycja Oleksza
Applies proficiency and knowledge to regulatory capital and reporting analysis and coordinates business and product strategies in the banking technology area
Previous Article
EU Authorities Issue Updates on CCyB, Digital Euro, MREL, and OthersRelated Articles
EBA Finalizes Templates for One-Off Climate Risk Scenario Analysis
The European Banking Authority (EBA) has published the final templates, and the associated guidance, for collecting climate-related data for the one-off Fit-for-55 climate risk scenario analysis.
EBA Mulls Inclusion of Environmental & Social Risks to Pillar 1 Rules
The European Banking Authority (EBA) recently published a report that recommends enhancements to the Pillar 1 framework, under the prudential rules, to capture environmental and social risks.
BCBS Consults on Disclosure of Crypto-Asset Exposures of Banks
As a follow on from its prudential standard on the treatment of crypto-asset exposures, the Basel Committee on Banking Supervision (BCBS) proposed disclosure requirements for crypto-asset exposures of banks.
BCBS and EBA Publish Results of Basel III Monitoring Exercise
The Basel Committee on Banking Supervision (BCBS) and the European Banking Authority (EBA) have published results of the Basel III monitoring exercise.
PRA Updates Timeline for Final Basel III Rules, Issues Other Updates
The Prudential Regulation Authority (PRA) recently issued a few regulatory updates for banks, with the updated Basel implementation timelines being the key among them.
US Treasury Sets Out Principles for Net-Zero Financing
The U.S. Department of the Treasury has recently set out the principles for net-zero financing and investment.
EC Launches Survey on G7 Principles on Generative AI
The European Commission (EC) launched a stakeholder survey on the draft International Guiding Principles for organizations developing advanced artificial intelligence (AI) systems.
ISSB Sustainability Standards Expected to Become Global Baseline
The finalization of the two sustainability disclosure standards—IFRS S1 and IFRS S2—is expected to be a significant step forward in the harmonization of sustainability disclosures worldwide.
IOSCO, BIS, and FSB to Intensify Focus on Decentralized Finance
Decentralized finance (DeFi) is expected to increase in prominence, finding traction in use cases such as lending, trading, and investing, without the intermediation of traditional financial institutions.
BCBS Assesses NSFR and Large Exposures Rules in US
The Basel Committee on Banking Supervision (BCBS) published reports that assessed the overall implementation of the net stable funding ratio (NSFR) and the large exposures rules in the U.S.
