EU Confirms Agreement on Rules on Cybersecurity and Banking Resolution
The European Council and the Parliament reached an agreement on the revised Directive on security of network and information systems (NIS2 Directive). The European Commission (EC) also welcomed the political agreement reached between the European Parliament and member states on the NIS2 Directive. Additionally, the European Council presidency and the European Parliament reached a provisional agreement on a draft regulation, also known as the "Daisy Chain" proposal, which amends the bank resolution framework in European Union.
The NIS2 Directive will set the baseline for cybersecurity risk management measures and reporting obligations across all sectors that are covered by the directive, such as energy, transport, health, and digital infrastructure. The directive will formally establish the European Cyber Crises Liaison Organization Network, EU-CyCLONe, which will support the coordinated management of large-scale cybersecurity incidents. The NIS2 directive introduces a size-cap rule. This means that all medium-size and large entities operating within the sectors or providing services covered by the Directive will fall within its scope. The provisionally agreed text includes additional provisions to ensure proportionality, a higher level of risk management, and clear-cut criticality criteria for determining the entities covered. The European Parliament and the Council have aligned the text with sector-specific legislation, in particular the regulation on digital operational resilience for the financial sector (DORA) and the directive on the resilience of critical entities (CER). The two co-legislators have also streamlined the reporting obligations to avoid causing over-reporting and creating an excessive burden on the entities covered. Member states will have 21 months from the entry into force of the Directive in which to incorporate the provisions into their national law. The provisional agreement is now subject to approval by the Council and the European Parliament.
Meanwhile, the "Daisy Chain" proposal amends the bank resolution framework by:
- incorporating a dedicated treatment for the indirect subscription of instruments eligible for internal minimum requirement for own funds and eligible liabilities (MREL)
- further aligning the treatment of global systemically important institution (G-SII) groups with a Multiple Point of Entry (MPE) resolution strategy with the treatment outlined in the Financial Stability Board's (FSB) international Total Loss-absorbing Capacity Term Sheet (the TLAC standard)
- clarifying the eligibility of instruments in the context of the internal TLAC
Under the provisional agreement, a revised deduction regime has been introduced, so as to avoid in particular double-counting of MREL elements at the level of intermediate entities. In addition, a carefully framed review clause has been added, to take into account the impact on different types of banking group structures. Such potential improvements will be assessed by the EC services, with a view to possible inclusion within the future Bank Recovery and Resolution Directive (BRRD) review proposal, expected from EC in the course of 2022. Under the provisional agreement, a transitional regime until end of 2024 has been introduced for MPE groups, subject to an assessment by the European Union resolution authorities. The provisional agreement reached is subject to approval by the Council and the European Parliament before going through the formal adoption procedure.
Related Links
Keywords: Europe, EU, Banking, Securities, Basel, Regulatory Capital, NIS Directive, NIS 2, Cyber Risk, Resolution Framework, MREL, TLAC, BRRD, DORA, European Council, European Parliament, Regtech, EC, Subheadline
Featured Experts
María Cañamero
Skilled market researcher; growth strategist; successful go-to-market campaign developer
Nicolas Degruson
Works with financial institutions, regulatory experts, business analysts, product managers, and software engineers to drive regulatory solutions across the globe.
Patrycja Oleksza
Applies proficiency and knowledge to regulatory capital and reporting analysis and coordinates business and product strategies in the banking technology area
Previous Article
EBA Issues Standards for Crowdfunding Service Providers Under ECSPRRelated Articles
SEC Finalizes Climate-Related Disclosures Rule
The U.S. Securities and Exchange Commission (SEC) has finalized the long-awaited rule that mandates climate-related disclosures for domestic and foreign publicly listed companies in the U.S.
US Regulators Release Stress Test Scenarios for Banks
The U.S. regulators recently released baseline and severely adverse scenarios, along with other details, for stress testing the banks in 2024. The relevant U.S. banking regulators are the Federal Reserve Bank (FED), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC).
Asian Governments Aim for Interoperability in AI Governance Frameworks
The regulatory landscape for artificial intelligence (AI), including the generative kind, is evolving rapidly, with governments and regulators aiming to address the challenges and opportunities presented by this transformative technology.
EBA Proposes Operational Risk Standards Under Final Basel III Package
The European Union (EU) has been working on the final elements of Basel III standards, with endorsement of the Banking Package and the publication of the European Banking Authority (EBA) roadmap on Basel III implementation in December 2023.
EFRAG Proposes XBRL Taxonomy and Standard for Listed SMEs Under ESRS
The European Financial Reporting Advisory Group (EFRAG), which plays a crucial role in shaping corporate reporting standards in European Union (EU), is seeking comments, until May 21, 2024, on the Exposure Draft ESRS for listed SMEs.
ECB to Expand Climate Change Work in 2024-2025
Banking regulators worldwide are increasingly focusing on addressing, monitoring, and supervising the institutions' exposure to climate and environmental risks.
BIS Bulletin Examines Cognitive Limits of Large Language Models
The use cases of generative AI in the banking sector are evolving fast, with many institutions adopting the technology to enhance customer service and operational efficiency.
ECB is Conducting First Cyber Risk Stress Test for Banks
As part of the increasing regulatory focus on operational resilience, cyber risk stress testing is also becoming a crucial aspect of ensuring bank resilience in the face of cyber threats.
EBA Continues Momentum Toward Strengthening Prudential Rules for Banks
A few years down the road from the last global financial crisis, regulators are still issuing rules and monitoring banks to ensure that they comply with the regulations.
EU and UK Agencies Issue Updates on Final Basel III Rules
The European Commission (EC) recently issued an update informing that the European Council and the Parliament have endorsed the Banking Package implementing the final elements of Basel III standards