The European Council and the Parliament reached an agreement on the revised Directive on security of network and information systems (NIS2 Directive). The European Commission (EC) also welcomed the political agreement reached between the European Parliament and member states on the NIS2 Directive. Additionally, the European Council presidency and the European Parliament reached a provisional agreement on a draft regulation, also known as the "Daisy Chain" proposal, which amends the bank resolution framework in European Union.
The NIS2 Directive will set the baseline for cybersecurity risk management measures and reporting obligations across all sectors that are covered by the directive, such as energy, transport, health, and digital infrastructure. The directive will formally establish the European Cyber Crises Liaison Organization Network, EU-CyCLONe, which will support the coordinated management of large-scale cybersecurity incidents. The NIS2 directive introduces a size-cap rule. This means that all medium-size and large entities operating within the sectors or providing services covered by the Directive will fall within its scope. The provisionally agreed text includes additional provisions to ensure proportionality, a higher level of risk management, and clear-cut criticality criteria for determining the entities covered. The European Parliament and the Council have aligned the text with sector-specific legislation, in particular the regulation on digital operational resilience for the financial sector (DORA) and the directive on the resilience of critical entities (CER). The two co-legislators have also streamlined the reporting obligations to avoid causing over-reporting and creating an excessive burden on the entities covered. Member states will have 21 months from the entry into force of the Directive in which to incorporate the provisions into their national law. The provisional agreement is now subject to approval by the Council and the European Parliament.
Meanwhile, the "Daisy Chain" proposal amends the bank resolution framework by:
- incorporating a dedicated treatment for the indirect subscription of instruments eligible for internal minimum requirement for own funds and eligible liabilities (MREL)
- further aligning the treatment of global systemically important institution (G-SII) groups with a Multiple Point of Entry (MPE) resolution strategy with the treatment outlined in the Financial Stability Board's (FSB) international Total Loss-absorbing Capacity Term Sheet (the TLAC standard)
- clarifying the eligibility of instruments in the context of the internal TLAC
Under the provisional agreement, a revised deduction regime has been introduced, so as to avoid in particular double-counting of MREL elements at the level of intermediate entities. In addition, a carefully framed review clause has been added, to take into account the impact on different types of banking group structures. Such potential improvements will be assessed by the EC services, with a view to possible inclusion within the future Bank Recovery and Resolution Directive (BRRD) review proposal, expected from EC in the course of 2022. Under the provisional agreement, a transitional regime until end of 2024 has been introduced for MPE groups, subject to an assessment by the European Union resolution authorities. The provisional agreement reached is subject to approval by the Council and the European Parliament before going through the formal adoption procedure.
Keywords: Europe, EU, Banking, Securities, Basel, Regulatory Capital, NIS Directive, NIS 2, Cyber Risk, Resolution Framework, MREL, TLAC, BRRD, DORA, European Council, European Parliament, Regtech, EC, Subheadline
Previous ArticleEBA Issues Standards for Crowdfunding Service Providers Under ECSPR
The three European Supervisory Authorities (ESAs) issued a letter to inform about delay in the Sustainable Finance Disclosure Regulation (SFDR) mandate, along with a Call for Evidence on greenwashing practices.
The Financial Stability Board (FSB) and the Network for Greening the Financial System (NGFS) published a joint report that outlines the initial findings from climate scenario analyses undertaken by financial authorities to assess climate-related financial risks.
The Financial Stability Board (FSB) published a letter intended for the G20 leaders, highlighting the work that it will undertake under the Indian G20 Presidency in 2023 to strengthen resilience of the financial system.
The International Sustainability Standards Board (ISSB) of the IFRS Foundations made several announcements at COP27 and with respect to its work on the sustainability standards.
The International Organization for Securities Commissions (IOSCO), at COP27, outlined the regulatory priorities for sustainability disclosures, mitigation of greenwashing, and promotion of integrity in carbon markets.
The European Banking Authority (EBA) issued a statement in the context of COP27, clarified the operationalization of intermediate EU parent undertakings (IPUs) of third-country groups
The European Union has finalized and published, in the Official Journal of the European Union, a set of 13 Delegated and Implementing Regulations applicable to the European crowdfunding service providers.
The Office of the Superintendent of Financial Institutions (OSFI) published an annual report on its activities, a report on forward-looking work.
The Australian Prudential Regulation Authority (APRA) finalized amendments to the capital framework, announced a review of the prudential framework for groups.
The Bank for International Settlements (BIS) Innovation Hubs and several central banks are working together on various central bank digital currency (CBDC) pilots.