30 results
for "DORA"
The ESAs DORA guide explains the framework's objectives, principles, structure, activities, processes, and expected outcomes. It covers CTPP designation based on criticality, risk assessment, and detailed oversight activities including ongoing monitoring, requests for information, general investigations, and inspections. The document also outlines the issuance of non-binding recommendations for identified deficiencies and subsequent follow-up procedures to ensure compliance, ultimately aiming to enhance digital operational resilience and financial system stability across the EU.
These proposed guidelines update the 2019 EBA Guidelines on Outsourcing to align with the Digital Operational Resilience Act (DORA). Key aspects include:
◾ Risk Management Framework: Financial entities must assess, monitor and mitigate risks throughout the third-party arrangement lifecycle, including due diligence, contractual phases and exit strategies.
◾ Proportionality Principle: The guidelines provide specific criteria for applying proportionality, limiting documentation burdens on financial entities and authorities.
◾ Consistency with DORA: A single register can be used for both ICT and non-ICT services, streamlining information storage and reducing administrative burdens.
◾ Transition Period: Financial entities have two years to review and amend existing arrangements and update their registers.
The consultation runs until October 8, 2025, allowing stakeholders to provide feedback on the draft guidelines.
This annual risk mapping highlights the resilience of financial markets despite an uncertain global context marked by geopolitical and trade tensions. The AMF notes increased volatility across all asset classes, which is expected to persist. Global growth forecasts have been revised downward. Although markets have shown resilience in the face of recent adjustments, risks of future corrections remain. French asset management has held up well, but the AMF remains vigilant regarding commercial real estate funds and illiquid assets. Cyberattacks are on the rise, and the entry into force of the DORA regulation aims to strengthen operational resilience.
Insurance Europe advocates for simplifying EU digital regulations, including the Cybersecurity Act and upcoming digital omnibus initiatives, to alleviate compliance burdens. The organization seeks to reduce overlaps and duplications in cybersecurity reporting, particularly under DORA, GDPR, and other horizontal legislation. They propose aligning cyber reporting mechanisms and centralizing notifications to multiple national agencies. Additionally, Insurance Europe supports stakeholder involvement in cybersecurity certification development, emphasizing that certification should remain voluntary. Concerns have been raised regarding the European Cybersecurity Certification Scheme for Cloud Services (EUCS), specifically a lack of transparency and the inclusion of sovereignty requirements that could limit service provider choice and increase costs for insurers.
The German and European banking sector is undergoing rapid transformation due to digitalization, ESG integration, regulatory changes, demographic shifts, and increased competition from FinTechs. Key challenges include managing complexity, leveraging AI and data, optimizing business models, and ensuring resilience and security. Banks must adapt quickly to survive, with successful integration of AI and ESG being crucial. Consolidation and evolution towards technology-driven or platform-based approaches are likely. Banks face a "transformation trilemma" of managing digital, regulatory, and ESG changes while maintaining profitability.
THE PAPER IS IN GERMAN
"In the context of the implementation of DORA, the ACPR, through the update of its FAQ, clarifies certain information relating to the new obligations that apply to financial entities, in particular: the arrangements for submitting the register of information, the performance of penetration tests, and the scope of this new regulation."
"The European regulation on digital operational resilience for the financial sector (DORA) establishes a common framework for managing risks related to information and communication technologies (ICT). It defines rules on cybersecurity and IT risk management that apply to a large number of financial entities."
The EBA amended its ICT and security risk management guidelines due to DORA. The guidelines now apply only to entities covered by DORA (credit institutions, payment institutions, etc.) and focus solely on payment service user relationship management. PSD2 security and operational risk requirements still apply to other payment service providers not under DORA.
The ESAs report explores centralizing ICT incident reporting for the financial sector under DORA. Three models are considered: baseline, enhanced sharing, and full centralization. The report, developed with input from various stakeholders, aims to inform future decisions on incident reporting centralization.
The paper reviews the DORA Regulation, highlighting challenges in supervisory convergence, solution centralization, and oversight fragmentation. It argues that despite DORA's positive steps for digital resilience, Europe's fragmented supervision system hampers its effectiveness. The authors suggest that a more centralized, cross-sectoral supervisory approach is needed for better regulation and supervision.