This Final Report (EBA/RTS/2025/03) presents draft Regulatory Technical Standards (RTS) under the Capital Requirements Regulation (CRR) III. It addresses three mandates:
• An operational risk taxonomy with Level 1 event types, Level 2 categories and supplementary attributes (including ESG and ICT risks), to standardise how institutions classify loss events.
• Criteria for deeming the annual‑operational‑risk loss calculation “unduly burdensome” for certain institutions, allowing temporary waivers.
• Rules for adjusting loss‑data sets when firms merge or acquire entities, including currency conversion, re‑classification and fallback proxies.
2 résultats
pour « ICT reporting »
ESAs: Centralisation of major ICT incident reporting
The ESAs report explores centralizing ICT incident reporting for the financial sector under DORA. Three models are considered: baseline, enhanced sharing, and full centralization. The report, developed with input from various stakeholders, aims to inform future decisions on incident reporting centralization.