Thursday, November 7, 2024

Digital finance: provisional agreement reached on DORA

Given the ever-increasing risks of cyber attacks, the EU is strengthening the IT security of financial entities such as banks, insurance companies and investment firms. The Council presidency and the European Parliament reached a provisional agreement on the Digital Operational Resilience Act (DORA), which will make sure the financial sector in Europe is able to maintain resilient operations through a severe operational disruption.

DORA sets uniform requirements for the security of network and information systems of companies and organisations operating in the financial sector, as well as of critical third parties which provide ICT (Information and Communication Technologies) related services to them, such as cloud platforms or data analytics services. DORA creates a regulatory framework on digital operational resilience whereby all firms need to make sure they can withstand, respond to and recover from all types of ICT-related disruptions and threats. These requirements are homogeneous across all EU member states. The core aim is to prevent and mitigate cyber threats.

Under the provisional agreement, the new rules will constitute a very robust framework that boosts the IT security of the financial sector. The efforts asked from financial entities will be proportional to the potential risks.

Almost all financial entities will be subject to the new rules. Under the provisional agreement, auditors will not be subject to DORA but will be part of a future review of the regulation, where a possible revision of the rules may be explored.

Critical third-country ICT service providers to financial entities in the EU will be required to establish a subsidiary within the EU so that oversight can be properly implemented.

As regards the oversight framework, the co-legislators agreed to opt for an additional joint oversight network which will strengthen the coordination between the European supervisory authorities on this cross-sectoral topic.

Under the provisional agreement, penetration tests shall be carried out in functioning mode, and it will be possible to include several member states’ authorities in the test procedures. The use of internal auditors will be possible only in a number of strictly limited circumstances, subject to safeguard conditions.

As regards the interaction of DORA with the Network and Information Security (NIS) directive, under the provisional agreement financial entities will have full clarity on the different rules on digital operational resilience they need to comply with, in particular for those financial entities holding several authorisations and operating in different markets within the EU. The NIS directive continues to apply. DORA builds on the NIS directive and addresses possible overlaps via a lex specialis exemption.

The provisional agreement reached yesterday evening is subject to approval by the Council and the European Parliament before going through the formal adoption procedure.

Once the DORA proposal is formally adopted, it will be passed into law by each EU member state. The relevant European Supervisory Authorities (ESAs), such as the European Banking Authority (EBA), the European Securities and Markets Authority (ESMA) and the European Insurance and Occupational Pensions Authority (EIOPA), will then develop technical standards for all financial services institutions to abide by, from banking to insurance to asset management. The respective national competent authorities will take the role of compliance oversight and enforce the regulation as necessary.

Background

The Commission came forward with the DORA proposal on 24 September 2020. It is part of the larger digital finance package, which aims to develop a European approach that fosters technological development and ensures financial stability and consumer protection. In addition to the DORA proposal, the package contains a digital finance strategy, a proposal on markets in crypto-assets (MiCA) and a proposal on distributed ledger technology (DLT).

This package bridges a gap in existing EU legislation by ensuring that the current legal framework does not pose obstacles to the use of new digital financial instruments and, at the same time, ensures that such new technologies and products fall within the scope of financial regulation and operational risk management arrangements of firms active in the EU. Thus, the package aims to support innovation and the uptake of new financial technologies while providing for an appropriate level of consumer and investor protection.
