23 results for "DORA"
The Central Bank of Ireland guidance highlights cyber risks as a central component of operational resilience in financial services, framing them under ICT risk and digital operational resilience. It identifies cyber incidents and attacks as major disruptive events, alongside technology failures and insider threats. ICT risk is defined broadly, encompassing threats to systems, operations, and services. Firms are expected to align ICT resilience strategies with critical business services and integrate incident management into resilience frameworks. The guidance emphasizes alignment with DORA and NIS2, marking a regulatory shift from earlier cybersecurity guidance toward harmonized, holistic resilience practices.
The draft strengthens governance arrangements, clarifies management body roles, and enhances oversight of internal control, risk management, and compliance functions. It incorporates ICT and security risk management in line with DORA, requiring institutions to integrate digital operational resilience into governance frameworks. The revisions also address anti-money laundering, conflicts of interest, and gender-neutral remuneration. Stakeholders can submit feedback until October 2025, with final guidelines to replace the 2017 version.
The paper "The Regulation of Data Privacy and Cybersecurity" by Jasmin Gider (Tilburg University - Tilburg University School of Economics and Management), Luc Renneboog (Tilburg University - Department of Finance), and Tal Strauss (European Central Bank ECB) compares and contrasts the regulatory landscapes of data privacy and cybersecurity in the EU and the US. It outlines the fragmented nature of US regulations, often relying on state-specific laws and sectoral approaches, in contrast to the EU's more unified framework like GDPR and NIS Directives. The text details the increasing costs and frequency of cyber incidents, emphasizing the insufficient mandatory disclosure requirements in both regions. Furthermore, it identifies gaps in current legislation and ongoing efforts, such as the EU's Cyber Resilience Act and the US's CIRCIA, to enhance digital resilience and address underinvestment in cybersecurity.
The ESAs DORA guide explains the framework's objectives, principles, structure, activities, processes, and expected outcomes. It covers CTPP designation based on criticality, risk assessment, and detailed oversight activities including ongoing monitoring, requests for information, general investigations, and inspections. The document also outlines the issuance of non-binding recommendations for identified deficiencies and subsequent follow-up procedures to ensure compliance, ultimately aiming to enhance digital operational resilience and financial system stability across the EU.
These proposed guidelines update the 2019 EBA Guidelines on Outsourcing to align with the Digital Operational Resilience Act (DORA). Key aspects include:
◾ Risk Management Framework: Financial entities must assess, monitor and mitigate risks throughout the third-party arrangement lifecycle, including due diligence, contractual phases and exit strategies.
◾ Proportionality Principle: The guidelines provide specific criteria for applying proportionality, limiting documentation burdens on financial entities and authorities.
◾ Consistency with DORA: A single register can be used for both ICT and non-ICT services, streamlining information storage and reducing administrative burdens.
◾ Transition Period: Financial entities have two years to review and amend existing arrangements and update their registers.

The consultation runs until October 8, 2025, allowing stakeholders to provide feedback on the draft guidelines.
This annual risk mapping highlights the resilience of financial markets despite an uncertain global context marked by geopolitical and trade tensions. The AMF notes increased volatility across all asset classes, which is expected to persist. Global growth forecasts have been revised downward. Although markets have shown resilience in the face of recent adjustments, risks of future corrections remain. French asset management has held up well, but the AMF remains vigilant regarding commercial real estate funds and illiquid assets. Cyberattacks are on the rise, and the entry into force of the DORA regulation aims to strengthen operational resilience.
Insurance Europe advocates for simplifying EU digital regulations, including the Cybersecurity Act and upcoming digital omnibus initiatives, to alleviate compliance burdens. The organization seeks to reduce overlaps and duplications in cybersecurity reporting, particularly under DORA, GDPR, and other horizontal legislation. They propose aligning cyber reporting mechanisms and centralizing notifications to multiple national agencies. Additionally, Insurance Europe supports stakeholder involvement in cybersecurity certification development, emphasizing that certification should remain voluntary. Concerns have been raised regarding the European Cybersecurity Certification Scheme for Cloud Services (EUCS), specifically a lack of transparency and the inclusion of sovereignty requirements that could limit service provider choice and increase costs for insurers.
The German and European banking sector is undergoing rapid transformation due to digitalization, ESG integration, regulatory changes, demographic shifts, and increased competition from FinTechs. Key challenges include managing complexity, leveraging AI and data, optimizing business models, and ensuring resilience and security. Banks must adapt quickly to survive, with successful integration of AI and ESG being crucial. Consolidation and evolution towards technology-driven or platform-based approaches are likely. Banks face a "transformation trilemma" of managing digital, regulatory, and ESG changes while maintaining profitability.
THE PAPER IS IN GERMAN
"In the context of the implementation of DORA, the ACPR has, through the update of its FAQ, clarified certain information on the new obligations that apply to financial entities, concerning in particular: the arrangements for submitting the register of information, the performance of penetration tests, and the scope of this new regulation."
"The European regulation on digital operational resilience for the financial sector (DORA) establishes a common framework for managing risks related to information and communication technologies (ICT). It sets out rules on cybersecurity and IT risk management that apply to a large number of financial entities."