Nos derniers articles

This comprehensive report from 𝗘𝗜𝗢𝗣𝗔 provides a 𝗳𝗼𝗹𝗹𝗼𝘄-𝘂𝗽 𝘁𝗼 𝗮 𝗽𝗲𝗲𝗿 𝗿𝗲𝘃𝗶𝗲𝘄 𝗼𝗻 𝗼𝘂𝘁𝘀𝗼𝘂𝗿𝗰𝗶𝗻𝗴, assessing the progress made by 𝗡𝗮𝘁𝗶𝗼𝗻𝗮𝗹 𝗦𝘂𝗽𝗲𝗿𝘃𝗶𝘀𝗼𝗿𝘆 𝗔𝘂𝘁𝗵𝗼𝗿𝗶𝘁𝗶𝗲𝘀 (𝗡𝗦𝗔𝘀) in strengthening their oversight of 𝗼𝘂𝘁𝘀𝗼𝘂𝗿𝗰𝗶𝗻𝗴 𝘄𝗶𝘁𝗵𝗶𝗻 𝘁𝗵𝗲 𝗶𝗻𝘀𝘂𝗿𝗮𝗻𝗰𝗲 𝘀𝗲𝗰𝘁𝗼𝗿. It details the 𝗺𝗲𝘁𝗵𝗼𝗱𝗼𝗹𝗼𝗴𝘆 used, the 𝘀𝗰𝗼𝗽𝗲 of the review, and the 𝗲𝘃𝗮𝗹𝘂𝗮𝘁𝗶𝗼𝗻 𝗰𝗿𝗶𝘁𝗲𝗿𝗶𝗮 applied to recommended actions. The document highlights 𝘀𝗶𝗴𝗻𝗶𝗳𝗶𝗰𝗮𝗻𝘁 𝗮𝗱𝘃𝗮𝗻𝗰𝗲𝗺𝗲𝗻𝘁𝘀 by NSAs in areas such as 𝗼𝘂𝘁𝘀𝗼𝘂𝗿𝗰𝗶𝗻𝗴 𝗳𝗿𝗮𝗺𝗲𝘄𝗼𝗿𝗸𝘀, 𝗻𝗼𝘁𝗶𝗳𝗶𝗰𝗮𝘁𝗶𝗼𝗻 𝗽𝗿𝗼𝗰𝗲𝘀𝘀𝗲𝘀, 𝗮𝗻𝗱 𝗱𝗼𝗰𝘂𝗺𝗲𝗻𝘁𝗮𝘁𝗶𝗼𝗻 𝗺𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁, with many recommended actions being 𝗳𝘂𝗹𝗳𝗶𝗹𝗹𝗲𝗱 𝗼𝗿 𝗽𝗮𝗿𝘁𝗶𝗮𝗹𝗹𝘆 𝗳𝘂𝗹𝗳𝗶𝗹𝗹𝗲𝗱. However, it also identifies 𝗿𝗲𝗺𝗮𝗶𝗻𝗶𝗻𝗴 𝗴𝗮𝗽𝘀, particularly in 𝗼𝗳𝗳-𝘀𝗶𝘁𝗲 𝘀𝘂𝗽𝗲𝗿𝘃𝗶𝘀𝗶𝗼𝗻 and the 𝗳𝘂𝗹𝗹 𝗼𝗽𝗲𝗿𝗮𝘁𝗶𝗼𝗻𝗮𝗹𝗶𝘇𝗮𝘁𝗶𝗼𝗻 𝗼𝗳 𝘀𝘂𝗽𝗲𝗿𝘃𝗶𝘀𝗼𝗿𝘆 𝘁𝗼𝗼𝗹𝘀, emphasizing the need for 𝗰𝗼𝗻𝘁𝗶𝗻𝘂𝗲𝗱 𝗲𝘃𝗼𝗹𝘂𝘁𝗶𝗼𝗻 𝗼𝗳 𝘀𝘂𝗽𝗲𝗿𝘃𝗶𝘀𝗼𝗿𝘆 𝗽𝗿𝗮𝗰𝘁𝗶𝗰𝗲𝘀 to ensure effective and continuous oversight of outsourcing arrangements.

This consultation paper, issued by EIOPA, outlines proposed 𝗜𝗺𝗽𝗹𝗲𝗺𝗲𝗻𝘁𝗶𝗻𝗴 𝗧𝗲𝗰𝗵𝗻𝗶𝗰𝗮𝗹 𝗦𝘁𝗮𝗻𝗱𝗮𝗿𝗱𝘀 (𝗜𝗧𝗦) concerning resolution reporting for insurance and reinsurance companies as mandated by 𝗗𝗶𝗿𝗲𝗰𝘁𝗶𝘃𝗲 (𝗘𝗨) 𝟮𝟬𝟮𝟱/𝟭. It details the 𝗽𝗿𝗼𝗰𝗲𝗱𝘂𝗿𝗲𝘀, 𝘀𝘁𝗮𝗻𝗱𝗮𝗿𝗱 𝗳𝗼𝗿𝗺𝘀, 𝗮𝗻𝗱 𝘁𝗲𝗺𝗽𝗹𝗮𝘁𝗲𝘀 for insurers to provide information essential for drawing up and executing resolution plans. The document includes an 𝗶𝗺𝗽𝗮𝗰𝘁 𝗮𝘀𝘀𝗲𝘀𝘀𝗺𝗲𝗻𝘁 evaluating policy options for 𝗿𝗲𝗽𝗼𝗿𝘁𝗶𝗻𝗴 𝗳𝗿𝗲𝗾𝘂𝗲𝗻𝗰𝘆 and the 𝗹𝗲𝘃𝗲𝗹 𝗼𝗳 𝗱𝗲𝘁𝗮𝗶𝗹 𝗳𝗼𝗿 𝗹𝗶𝗮𝗯𝗶𝗹𝗶𝘁𝗶𝗲𝘀 𝗿𝗲𝗽𝗼𝗿𝘁𝗶𝗻𝗴, ultimately favoring less frequent and less granular reporting to reduce the burden on undertakings. Additionally, it addresses 𝗱𝗮𝘁𝗮 𝗾𝘂𝗮𝗹𝗶𝘁𝘆, 𝘀𝘂𝗯𝗺𝗶𝘀𝘀𝗶𝗼𝗻 𝗳𝗼𝗿𝗺𝗮𝘁𝘀, 𝗮𝗻𝗱 𝘁𝗵𝗲 𝗽𝗿𝗼𝘃𝗶𝘀𝗶𝗼𝗻 𝗼𝗳 𝗮𝗱𝗱𝗶𝘁𝗶𝗼𝗻𝗮𝗹 𝗶𝗻𝗳𝗼𝗿𝗺𝗮𝘁𝗶𝗼𝗻, emphasizing cooperation between supervisory and resolution authorities and providing a 𝗽𝗿𝗶𝘃𝗮𝗰𝘆 𝘀𝘁𝗮𝘁𝗲𝗺𝗲𝗻𝘁 regarding data collection.
𝗢𝗽𝗲𝗻𝗶𝗻𝗴 𝗱𝗮𝘁𝗲 22 July 2025
𝗗𝗲𝗮𝗱𝗹𝗶𝗻𝗲 31 October 2025, 23:59 (CET)

This consultation package is aimed at easing the reporting burden on insurance and reinsurance companies under the Solvency II framework. The proposed amendments seek to reduce reporting requirements by at least 26% for solo undertakings and 36% for small and non-complex undertakings. Key changes include reducing template frequency, deleting annual templates, and introducing technical simplifications. The EIOPA expects these changes to substantially reduce the burden on European insurers without compromising policyholder protection or financial stability. Stakeholders can provide feedback via the EU Survey until October 10, 2025.

This study analyzed six years of 10-K filings from 45 firms affected by ransomware, labeling 6,282 cybersecurity-related statements. Findings show disclosures increasingly focus on prospective risks and mitigation strategies, but fewer than half mention incident responses, revealing a lack of transparency. Firms often fail to connect potential risks to actual damages, highlighting limited awareness of ransomware threats.

The Format for Incident Reporting Exchange (FIRE) is a framework developed by the FSB to standardize the reporting of cyber and operational incidents across borders. FIRE, created with private sector collaboration, aims to promote consistency, improve communication, and address the challenges of reporting to multiple authorities. It offers standardized information items and flexibility for various operational and cyber incidents, and can be used by third-party service providers and organizations outside the financial sector. The FSB provides a downloadable taxonomy package to facilitate FIRE's global adoption and plans to review its implementation in 2027.

The EBA published final draft ITS amending rules for internal model authorization under CRR, reflecting the EU Banking Package. Key changes include removing the use of internal models for operational risk (deleting AMA references) and updating references to supervisory college regulations. These ITS are based on CRR III amendments.

Major financial centers introduced varied climate disclosure rules, notably Scope 3 mandates. EU and California led with mandates, while the SEC proposed but later removed them in 2024. Challenges include accuracy, standardization, and compliance costs. EU provides institutional support, but the U.S. lacks it, raising reporting stakes.

"... compares two industries where legislative requirements differ, but it finds the same pattern: the ideals of enterprise risk management are being not implemented in practice."

"... operational risk remained the most prominent major risk type after the outbreak of Covid-19, and that disclosures of operational risk increased by 5.19% compared with the samples from before the outbreak. The drivers of operational risk also changed, with significant increases in disclosure of litigation risk, transaction modes and product and service problems as a proportion of total disclosures. In addition, two emerging operational risk drivers identified during the pandemic are data safeguarding and goodwill impairment."

"There is currently limited information on and a lack of a unified approach to AI and ESG, and a need for tools for systematically assessing and disclosing the ESG related impacts of AI and data capabilities. I here propose the AI ESG protocol, which is a flexible high-level tool for evaluating and disclosing such impacts..."