The ESAs DORA guide explains the framework's objectives, principles, structure, activities, processes, and expected outcomes. It covers CTPP designation based on criticality, risk assessment, and detailed oversight activities including ongoing monitoring, requests for information, general investigations, and inspections. The document also outlines the issuance of non-binding recommendations for identified deficiencies and subsequent follow-up procedures to ensure compliance, ultimately aiming to enhance digital operational resilience and financial system stability across the EU.
EIOPA submitted three draft technical standards and one revised guideline to the European Commission to support the implementation of the updated Solvency II Directive. The documents address criteria for identifying insurance groups under dominant or unified control, assessing cross-border activity relevance, updating lists of regional authorities for capital calculations, and revising guidance on undertaking-specific parameters. The Commission has three months to decide on adoption. These measures aim to clarify supervisory responsibilities, enhance cross-border oversight, and align technical rules with current legal frameworks, contributing to more effective and coordinated insurance supervision across the EU.
This consultation package is aimed at easing the reporting burden on insurance and reinsurance companies under the Solvency II framework. The proposed amendments seek to reduce reporting requirements by at least 26% for solo undertakings and 36% for small and non-complex undertakings. Key changes include reducing template frequency, deleting annual templates, and introducing technical simplifications. The EIOPA expects these changes to substantially reduce the burden on European insurers without compromising policyholder protection or financial stability. Stakeholders can provide feedback via the EU Survey until October 10, 2025.
This study develops a machine learning framework to identify high-risk enterprise financial reports, comparing Support Vector Machine, Random Forest, and K-Nearest Neighbors models. Using 2020–2025 audit data from the Big Four firms, Random Forest showed the highest performance (F1-score: 0.9012), excelling in detecting fraud and compliance issues. While KNN struggled with high-dimensional data, SVM performed well but was computationally intensive. The study highlights the potential of machine learning in auditing but notes limitations, including reliance on structured data and exclusion of external economic factors.
These proposed guidelines update the 2019 EBA Guidelines on Outsourcing to align with the Digital Operational Resilience Act (DORA). Key aspects include:
◾ 𝗥𝗶𝘀𝗸 𝗠𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁 𝗙𝗿𝗮𝗺𝗲𝘄𝗼𝗿𝗸: Financial entities must assess, monitor and mitigate risks throughout the third-party arrangement lifecycle, including due diligence, contractual phases and exit strategies.
◾ 𝗣𝗿𝗼𝗽𝗼𝗿𝘁𝗶𝗼𝗻𝗮𝗹𝗶𝘁𝘆 𝗣𝗿𝗶𝗻𝗰𝗶𝗽𝗹𝗲: The guidelines provide specific criteria for applying proportionality, limiting documentation burdens on financial entities and authorities.
◾ 𝗖𝗼𝗻𝘀𝗶𝘀𝘁𝗲𝗻𝗰𝘆 𝘄𝗶𝘁𝗵 𝗗𝗢𝗥𝗔: A single register can be used for both ICT and non-ICT services, streamlining information storage and reducing administrative burdens.
◾ 𝗧𝗿𝗮𝗻𝘀𝗶𝘁𝗶𝗼𝗻 𝗣𝗲𝗿𝗶𝗼𝗱: Financial entities have two years to review and amend existing arrangements and update their registers.
The consultation runs until October 8, 2025, allowing stakeholders to provide feedback on the draft guidelines.
The AMRAE study describes 2024 as a positive year for the cyber insurance market, with rising but manageable claim numbers. There's a notable increase in cyber insurance uptake, especially among intermediate and medium-sized businesses, suggesting broader market penetration.
For the first time in five years, premium volume slightly dropped, with an average 18% reduction in annual premium rates for large companies and declining deductibles, indicating increased market flexibility.
However, the report identifies emerging concerns. Claims and payouts for large companies are increasing significantly. Also, a slight capacity increase is not commensurate with rate decreases, suggesting large companies may have reduced budgets more than they've expanded capacity. The study emphasizes the continued importance of accurate cyber risk exposure measurement given geopolitical tensions and new attack vectors.
Financial institutions are increasingly dependent on third-party service providers (TPSPs), raising concerns about systemic risks due to limited transparency. While the EU and U.K. have introduced formal oversight regimes, the U.S. relies on industry cooperation and micro-prudential supervision. A recent case study highlights financial stability risks from a payments disruption linked to a TPSP. As rapid technological change reshapes the financial sector, vulnerabilities from TPSP concentration and interconnectedness may grow. Greater understanding is needed to assess these risks and inform potential oversight responses.
The European Commission’s AI Continent Action Plan emphasizes the need to significantly expand cloud and data center capacity across the EU to support AI and digital infrastructure goals. The Cloud and AI Development Act aims to incentivize investment and triple current capacity within seven years. The insurance sector supports this approach but warns against restrictive sovereignty measures that could exclude non-EU providers without viable alternatives. It advocates for flexible, risk-based cloud definitions and support for hybrid strategies. The sector stresses that capacity-building, not protectionism, is key to achieving digital sovereignty while maintaining innovation, competitiveness, and international interoperability.
The ESAs and the EU’s new Anti-Money Laundering Authority (AMLA) have signed a multilateral Memorandum of Understanding to formalize cooperation and information exchange. The agreement outlines procedures for coordination and data sharing to support effective supervision across the EU’s financial sector. It aims to enhance supervisory convergence, foster cross-sector learning, and improve consistency in applying AML/CFT rules. This MoU is part of AMLA’s broader mandate to strengthen EU-wide oversight and coordinate with national authorities and Financial Intelligence Units in combating financial crime.
En 2024, Tracfin a franchi le cap des 200 000 déclarations de soupçon, avec 211 165 signalements (+13,2 % par rapport à 2023), reflétant l’engagement croissant des 50 professions assujetties à la lutte contre le blanchiment de capitaux (LCB-FT). Le secteur financier domine (93,1 %), mais le non-financier progresse (+25,7 %), notamment les opérateurs d’art (+254,4 %). Deux nouvelles professions, les entreprises de jeux numériques et gestionnaires de crédit, intègrent le dispositif. Tracfin renforce la qualité des déclarations via des échanges avec les déclarants et consolide sa coopération internationale, notamment avec l’AMLA et le Groupe Egmont.