Regnology’s Post

(!!!) The three European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) published today the second batch of policy products under the Digital Operational Resilience Act (DORA). This batch consists of four final draft regulatory technical standards (RTS), one set of Implementing Technical Standards (ITS) and 2 guidelines, all of which aim at enhancing the digital operational resilience of the EU’s financial sector. #DORA

The European Commission has published two draft delegated acts that supplement the Regulation on digital operational resilience for the financial sector (DORA). The draft delegated acts specify the criteria for the designation of ICT third-party service providers as critical for financial entities (CTPPs) and determine the amount of oversight fees to be charged by the lead overseer to CTPPs and how those fees will be paid. The draft delegated acts are open for feedback for four weeks, from 16 November to 14 December 2023. The Commission states that it will take account of the feedback received when finalising the acts. The Commission intends to adopt the delegated acts in Q2 2024. It is mandated to adopt the delegated acts by 17 July 2024. The European Supervisory Authorities (ESAs) (that is, ESMA, EIOPA and the EBA) published their technical advice (ESA 2023 23) for the European Commission relating to the draft delegated acts in September 2023. #dora

The three European Supervisory Authorities (EBA, EIOPA, and ESMA – the ESAs) have published a second batch of policy products under the Digital Operational Resilience Act (DORA). This batch consists of four final draft regulatory technical standards (RTS), one set of Implementing Technical Standards (ITS), and two guidelines. More at https://lnkd.in/ebDetbCm #DORA #operationalresilience

#DORA The European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) today announced that they will launch in May the voluntary exercise for the collection of the registers of information of contractual arrangements on the use of ICT third-party service providers by the financial entities. Under the Digital Operation Resilience Act (DORA) and starting from 2025, financial entities will have to maintain registers of information regarding their use of ICT third-party providers. In this dry run exercise, this information will be collected from financial entities through their competent authorities and will serve as preparation for the implementation and reporting of registers of information under DORA.

#DORA Updates: As part of their preparations for the Digital Operational Resilience Act (DORA), 🏢 the European Supervisory Authorities (EBA, EIOPA, and ESMA) has released an overview of ICT third-party providers (TTP). 🔎 The analysis has identified around 15,000 ICT TTPs serving financial entities in the EU, many supporting critical functions. ☝ Valuable lessons for DORA implementation include the need for unique identifiers in data and an ICT services classification system. 👇 To learn more about the Legal Acts of DORA, visit our website: https://lnkd.in/dSXygfX2

💥 Join us for an insightful webinar on 'Preparing for DORA'! 📢   This session will offer a comprehensive overview of the Digital Operational Resilience Act (DORA) - a pivotal EU-wide regulation designed to enhance digital operational resilience across the financial sector. We'll dive deep into the recently published drafts of the first batch of regulatory technical standards by the European Supervisory Authorities (EBA, EIOPA, and ESMA) and provide guidance on how to prepare for these technical standards. 🌟   Register for the webinar today: https://lnkd.in/ePVE_-nY #DORA #Regulation #Finance #DigitalResilience

#DigitalFinanceEU | The European Supervisory Authorities came out with a second batch of policy products under #DORA, which aim at enhancing the digital operational resilience of the EU’s financial sector: 4 final draft regulatory technical standards, 1 set of Implementing Technical Standards and 2 guidelines → https://lnkd.in/eeaKNSXr. 💡 reporting framework for ICT-related incidents (reporting clarity, templates) and threat-led penetration testing 💡 requirements on the design of the oversight framework, which enhance the resilience of the EU financial sector 👉 Digital Operational Resilience Act = https://lnkd.in/gSjPFpSZ

Update on DORA - Fintech’s take note - The European Supervisory Authorities came out with a second batch of policy products under #DORA, which aim at enhancing the digital operational resilience of the EU’s financial sector: 4 final draft regulatory technical standards, 1 set of Implementing Technical Standards and 2 guidelines European Securities and Markets Authority (ESMA) #OperationalResilience

#DORA  the ESAS (EBA>EIOPA>ESMA) have published a document on ICT TTPs today: ESAs publish Report on the landscape of ICT third-party providers in the EU (europa.eu). The report covers ICT-related contractual arrangements for entities across the financial sector. Overall, the exercise has identified around 15,000 ICT TPPs directly serving financial sector entities across the EU. It has found that the most frequently used ICT TPPs support critical or important functions for their clients in a wide range of services. In addition, most critical services were classified as non-substitutable by financial institutions. This report will support their decisions and work on CTTPS/ RTS etc https://lnkd.in/efqa6S_t).

🔔 As I said in my previous post about #MiFIR and ESMA consultation, there was more to come - and here it is! On 23 May ESMA published its second package of draft Level 2 measures for #MiFIR, this time focusing on rules for #CTPs, and shedding some light on the assessment criteria for the #CTP selection procedure. A must-read for the prospective applicants, the package includes: ➡ Draft RTS on input and output of data of CTPs: the draft covers provisions applicable to the equity and bonds CTP, and addresses specifically: ◻ Quality of transmission protocols, including aspects relating to their performance, reliability, security and compatibility ◻ Quality and substance of data, including the MiFIR requirement of transmission of data “as close to real time as technically possible” ◻ Data quality measures and enforcement standards. ➡ Draft RTS on the revenue distribution scheme of CTPs: the draft sets out further details for the three criteria foreseen by #MiFIR for the participation in the revenue distribution scheme for equity #CTP, including the relevant weightings and methodology. ➡ Draft RTS on the synchronization of business clocks: ESMA sets out further specifications regarding the level of accuracy to which business clocks are to be synchronized, and considers the application of clock synchronization requirements to new entities subject to this requirement (SIs / DPEs / APAs). ➡ Draft RTS/ITS on the authorisation and requirements for DRSPs: ESMA proposes updates to Commission Delegated Regulation (EU) 2017/571 (RTS 13) and draft a new RTS on CTP authorisation, together with its related ITS. ➡ Criteria to assess CTP applicants: ESMA explains the selection procedure and sets out the relevant assessment criteria, grouped into five thematic categories, together with its expectations on each of them. 📅 Deadline to provide comments: 28 August 2024. https://lnkd.in/e_9tTutb