EC Updates Address Rules on Digital Platforms, Cyber Risk, and CMDI
The European Commission (EC) adopted a proposal to adjust and further strengthen the existing bank crisis management and deposit insurance (CMDI) framework for medium-size and smaller banks and a proposal for the Cyber Solidarity Act to strengthen cybersecurity capacities in the European Union (EU). The regulator also designated 17 entities as Very Large Online Platforms, or VLOPs, and 2 entities as Very Large Online Search Engines, or VLOSEs, based on the user data the platforms had to publish by February 17, 2023 under the Digital Services Act and issued rules for digital gatekeepers to ensure open markets under the Digital Markets Act.
Crisis Management and Deposit Insurance Framework. The proposal on reforms to the bank crisis management and deposit insurance will enable authorities to organize the orderly market exit for a failing bank of any size and business model, with a broad range of tools. It will facilitate the use of industry-funded safety nets to shield depositors in banking crises, such as by transferring them from an ailing bank to a healthy one. Such use of safety nets must only be a complement to the banks' internal loss absorption capacity, which remains the first line of defense. The proposal is intended to:
- facilitate the use of deposit guarantee schemes in crisis situations to shield depositors (natural persons, businesses, public entities, etc.) from bearing losses, where this is necessary to avoid contagion to other banks and negative effects on the community and the economy.
- protect taxpayers that do not have to step in to preserve financial stability by relying on industry-funded safety nets (such as deposit guarantee schemes and resolution funds).
- shield the real economy from the impact of bank failure. The proposed rules will allow authorities to fully exploit the many advantages of resolution as a key component of the crisis management toolbox.
- harmonize further the standards of depositor protection across the European Union. The new framework extends depositor protection to public entities as well as client money deposited in certain types of client funds (that is, by investment companies, payment institutions, e-money institutions). The proposal includes additional measures to harmonize the protection of temporary high balances on bank accounts in excess of EUR 100,000 linked to specific life events (such as inheritance or insurance indemnities).
Digital Services Act. EC adopted the first designation decisions under the Digital Services Act to designate 17 entities as Very Large Online Platforms and 2 entities as Very Large Online Search Engines. The designated entities will now have to comply, within four months, with the full set of new obligations under the Digital Services Act. The designated platforms and search engines need to adapt their systems, resources, and processes for compliance, set up an independent system of compliance, and carry out, and report to EC, their first annual risk assessment. Platforms will have to identify, analyze, and mitigate a wide array of systemic risks ranging from how illegal content and disinformation can be amplified on their services, to the impact on the freedom of expression and media freedom. The Digital Services Act will be enforced through a pan-European supervisory architecture, working in close cooperation with the Digital Services Coordinators in the supervisory framework established by the Digital Services Act. Moreover, EC is consulting, until May 25, 2023, on the provisions in the Digital Services Act related to data access for researchers to better monitor platform providers' actions to tackle illegal content and conduct research on systemic risks in the European Union. In another development, EC seeks views on draft rules on how independent audits should be conducted under the Digital Services Act for Very Large Online Platforms and Very Large Online Search Engines, with the comment period ending on June 02, 2023. The draft rules provide the main principles that auditors should apply when selecting auditing methodologies and procedures and provides further specifications for auditing Very Large Online Platforms' and Very Large Online Search Engines' compliance with risk management and crisis response obligations. EC intends to adopt the rules before the end of 2023.
Digital Markets Act. As of May 02, 2023, the rules for digital gatekeepers to ensure open markets start to apply. The potential gatekeepers that meet the quantitative thresholds established have until July 03, 2023 to notify their core platform services to EC. EC will then have 45 working days (until September 06, 2023) to decide whether the company meets the thresholds and to designate gatekeepers. Following their designation, gatekeepers will have six months (that is, until March 06, 2024) to comply with the requirements in the Digital Markets Act. The Digital Markets Act defines gatekeepers as those large online platforms that provide an important gateway between business users and consumers, whose position can grant them the power to act as a private rule maker, and thus create a bottleneck in the digital economy. The Digital Markets Act defines a series of obligations that gatekeepers will need to respect, including prohibiting them from engaging in certain behaviors in a list of dos and don'ts.
EU Cyber Solidarity Act. The proposed regulation on the Cyber Solidarity Act will support detection and awareness of cybersecurity threats and incidents, bolster preparedness of critical entities, and reinforce solidarity, concerted crisis management, and response capabilities across member states. The Cyber Solidarity Act will strengthen solidarity at EU level to better detect, prepare for, and respond to significant or large-scale cybersecurity incidents, by creating a European Cybersecurity Shield and a comprehensive Cyber Emergency Mechanism. EC proposed the establishment of a European Cyber Shield, which is a pan-European infrastructure of national and cross-border Security Operations Centers across EU. These centers are tasked with detecting and acting on cyber threats quickly and effectively and could be operational by early 2024. The Cyber Solidarity Act also includes the creation of a Cyber Emergency Mechanism to increase preparedness and enhance incident response capabilities in EU. Additionally, EC proposed a targeted amendment to the Cybersecurity Act, to enable the future adoption of European certification schemes for managed security services.
Related Links
Keywords: Europe, EU, Banking, Crisis Management, Deposit Insurance, Digital Services Act, Digital Markets Act, Regtech, Basel, Cyber Risk, Resolution Framework, EC
Featured Experts
María Cañamero
Skilled market researcher; growth strategist; successful go-to-market campaign developer
Nicolas Degruson
Works with financial institutions, regulatory experts, business analysts, product managers, and software engineers to drive regulatory solutions across the globe.
Patrycja Oleksza
Applies proficiency and knowledge to regulatory capital and reporting analysis and coordinates business and product strategies in the banking technology area
Previous Article
EU Authorities Issue Updates on CCyB, Digital Euro, MREL, and OthersRelated Articles
BIS and Central Banks Experiment with GenAI to Assess Climate Risks
A recent report from the Bank for International Settlements (BIS) Innovation Hub details Project Gaia, a collaboration between the BIS Innovation Hub Eurosystem Center and certain central banks in Europe
Nearly 25% G-SIBs Commit to Adopting TNFD Nature-Related Disclosures
Nature-related risks are increasing in severity and frequency, affecting businesses, capital providers, financial systems, and economies.
Singapore to Mandate Climate Disclosures from FY2025
Singapore recently took a significant step toward turning climate ambition into action, with the introduction of mandatory climate-related disclosures for listed and large non-listed companies
SEC Finalizes Climate-Related Disclosures Rule
The U.S. Securities and Exchange Commission (SEC) has finalized the long-awaited rule that mandates climate-related disclosures for domestic and foreign publicly listed companies in the U.S.
EBA Proposes Standards Related to Standardized Credit Risk Approach
The European Banking Authority (EBA) has been taking significant steps toward implementing the Basel III framework and strengthening the regulatory framework for credit institutions in the EU
US Regulators Release Stress Test Scenarios for Banks
The U.S. regulators recently released baseline and severely adverse scenarios, along with other details, for stress testing the banks in 2024. The relevant U.S. banking regulators are the Federal Reserve Bank (FED), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC).
Asian Governments Aim for Interoperability in AI Governance Frameworks
The regulatory landscape for artificial intelligence (AI), including the generative kind, is evolving rapidly, with governments and regulators aiming to address the challenges and opportunities presented by this transformative technology.
EBA Proposes Operational Risk Standards Under Final Basel III Package
The European Union (EU) has been working on the final elements of Basel III standards, with endorsement of the Banking Package and the publication of the European Banking Authority (EBA) roadmap on Basel III implementation in December 2023.
EFRAG Proposes XBRL Taxonomy and Standard for Listed SMEs Under ESRS
The European Financial Reporting Advisory Group (EFRAG), which plays a crucial role in shaping corporate reporting standards in European Union (EU), is seeking comments, until May 21, 2024, on the Exposure Draft ESRS for listed SMEs.
ECB to Expand Climate Change Work in 2024-2025
Banking regulators worldwide are increasingly focusing on addressing, monitoring, and supervising the institutions' exposure to climate and environmental risks.
