178 results for "Regulatory news"

ISACA: Resilience and Security in Critical Sectors: Navigating NIS2 and DORA Requirements

The white paper examines how the EU’s **NIS2 Directive** and **DORA Regulation** impose resilience, security, and compliance obligations on critical and financial-sector entities. It describes how NIS2 applies broadly to “essential” and “important” operators, while DORA targets financial firms, and compares their requirements for risk management, incident reporting, audits, third-party oversight, governance, testing, and information sharing. The document outlines potential penalties for noncompliance, the need for gap assessments and harmonization across jurisdictions, and emphasizes that entities both inside and outside the EU may be affected by these rules.

ACPR: Industry meeting on the European "AI Act" regulation

To help the financial sector prepare, the ACPR held an industry meeting on 17 September 2025, at which it presented an overview of the new regulation and gave details on its role and organisation in supervising AI systems.

European supervisors tell financial institutions to stay alert to stability risks in uncertain and volatile times

The report discusses the growing threat of cyber risk to the EU's financial stability. Key points include:

• Cyber risk is a significant and systemic threat to the EU's financial sector, with increasing frequency and sophistication of attacks.

• Factors amplifying risk include geopolitical tensions, third-party IT dependencies, and the dual-edged impact of AI.

• The financial sector, including banks and insurers, faces tangible impacts from cyber threats.

• DORA is seen as a critical step requiring ongoing commitment to vigilance and resource allocation for digital infrastructure defense.

ACPR: Open banking in France

In France, Open Banking is developing under one clear imperative: protecting users' data. The ACPR's latest report points out that trust rests on a robust framework, embodied by the European PSD2 directive. The directive mandates strong authentication and favours the use of standardised APIs, considered more secure than web scraping. The major banking groups have put strict governance in place, including tests, controls and fallback mechanisms. For its part, the regulator monitors compliance with these obligations through real-time supervision. The challenge: reconciling maximum security with ease of use.

Updates in the Central Bank of Ireland's OpRes Guidance

The **Central Bank of Ireland** guidance highlights **cyber risks** as a central component of **operational resilience in financial services**, framing them under **ICT risk** and **digital operational resilience**. It identifies cyber incidents and attacks as major disruptive events, alongside technology failures and insider threats. ICT risk is defined broadly, encompassing threats to systems, operations, and services. Firms are expected to align ICT resilience strategies with critical business services and integrate incident management into resilience frameworks. The guidance emphasizes alignment with **DORA** and **NIS2**, marking a regulatory shift from earlier cybersecurity guidance toward ***harmonized, holistic resilience practices***.

Insurance Europe response to the EC call for evidence on European climate resilience and risk management

The insurance industry in Europe is facing the immediate and growing financial impacts of climate change. It advocates for a comprehensive and collaborative approach to climate resilience, stressing the foundational importance of emissions reduction, robust prevention measures, and a proactive funding model. The industry emphasizes that effective solutions must be tailored to local contexts and require strong leadership and financial commitment from public authorities in collaboration with the private sector.

Canada: The AMF and OSFI (BSIF) publish their report on the resilience of financial institutions to climate risks

The Autorité des marchés financiers (AMF) and the Office of the Superintendent of Financial Institutions (OSFI, French: BSIF) have published a report from the 2024 Standardized Climate Scenario Exercise (SCSE, French: ENASC), which involved more than 250 Canadian financial institutions. Although climate risks do not pose an immediate threat to the sector, they could intensify over the long term and expose vulnerabilities. The exercise made it possible to assess physical and transition risks and to strengthen how they are measured. The report recommends improving data, modelling and the integration of these risks into decision-making processes. The findings will shape the supervisory expectations of both bodies.

Insurance Europe publishes response to EC consultation on supplementary pensions

This position paper from Insurance Europe outlines their response to the European Commission's consultation on supplementary pensions, specifically addressing pension tracking systems, pension dashboards, auto-enrolment, and a review of the Pan-European Personal Pension Product (PEPP) Regulation and the Institutions for Occupational Retirement Provision (IORP II) Directive. The document emphasizes the importance of national diversity in pension systems, advocating against "one-size-fits-all" EU-level measures. It provides feedback on the effectiveness and challenges of existing frameworks, offering suggestions for improvement while consistently highlighting the need for flexibility, proportionality, and respect for national specificities in any proposed reforms. The paper also discusses the limited uptake of PEPP due to its complex and restrictive design, and offers insights into optimizing IORP II for long-term investment and member protection.

The ESAs note greater effort from financial market participants in their disclosure of principal adverse impacts

The ESAs published their fourth annual report on voluntary disclosures of principal adverse impacts (PAIs) under the EU Sustainable Finance Disclosure Regulation (SFDR) on 9 September 2025. It records continued enhancement in the completeness and quality of PAI disclosures at both entity and product levels, especially among large multinational firms. Smaller entities, however, frequently merge general ESG messaging with SFDR reporting. National Competent Authorities noted uptake of previously highlighted good practices. The report also offers recommendations for NCAs’ supervisory roles and guidance for the European Commission ahead of SFDR’s next review.

EIOPA provides its technical input to support the development of supplementary pensions in the context of the Savings and Investments Union

EIOPA released a paper on September 8, 2025, providing technical input to support the development of supplementary pensions within the EU’s Savings and Investments Union framework. The paper outlines EIOPA’s views on enhancing pension systems, emphasizing consumer protection, financial stability, and sustainable finance. It proposes measures to improve access to pensions, strengthen governance, and align with EU regulatory frameworks like Solvency II and IORP II. The input aims to inform EU policy by addressing challenges in pension provision and promoting long-term savings.