IT Security Regulatory Update | February 2024

Focus: BigTech in the financial sector, 8th MaRisk amendment and Cyber Solidarity Act

← The diverse world of databases | 11.03.24 Relational databases - Definition, Overview & Context | 14.03.24 →

Highlight from February 2024

EU Parliament looks at BigTech in the financial sector

Due to the significant impact of service providers and BigTech in particular on the EU, the European Parliament is taking a closer look and makes recommendations for action.

“Stay up to date with our monthly regulatory update on IT Security Management!”

BigTech in the financial sector and its impact on the EU

The provision of financial services by large digital groups not only influences the EU’s growth model, but also highlights regulatory uncertainties. The European Parliament sees risks primarily in the context of financial stability, data protection, cybersecurity, and resilience in the financial sector. As many BigTechs are not headquartered in the EU, geostrategic aspects must also be taken into account.

The EU Parliament notes that the regulatory landscape is heterogeneous. Although new and appropriate rules apply within the EU, the standards are not sufficient on an international level and are being expanded by different national approaches. However, as the provision of financial services by BigTech is fundamentally cross-border, consistent and uniform regulation is desirable.

Image of a high-rise building photographed from bottom to top

Due to this cross-border nature, the EU Parliament considers BigTech in the financial sector to be a global challenge. To address this, it makes recommendations as part of the study. These aim to strengthen and harmonize the regulation of BigTech financing at international level and in the EU.

The recommendations can be summarized as follows:

Holistic or hybrid international regulatory approach
Improving international cooperation between the various regulatory authorities
Bilateral cooperation between BigTech Finance, the US and the EU, the UK and the EU or a unilateral approach by the EU
Establishment of a cross-industry regulatory forum

You can find the study of the EU Parliament here on its website.

Source: © European Union, 2022 — EP

BaFin consults on 8th MaRisk amendment

Last year, the 7th MaRisk amendment was published by BaFin (read more here), which dealt with lending and loan monitoring, real estate, securities trading in the home office and sustainability. Following the focus on information and IT security in the 6th MaRisk amendment, these topics did not play an overriding role in the 7th amendment.

This continues in the now published consultation version of the 8th MaRisk amendment. It focuses on the full integration of the EBA guidelines on interest rate risk and credit spread risk in the banking book, which you can find here on the EBA website. Institutions will find the majority of the changes in BTR 5 relating to risk management and controlling processes for credit spread risks and in BTR 2.3 for the management of interest rate risks.

BaFin will accept comments for consultation until 14.03.2024.

The consultation version of the 8th MaRisk amendment can be found here on the BaFin website.

Source: © German Federal Financial Supervisory Authority / www.bafin.de

The Cyber Solidarity Act faces trilogue negotiations

The European Parliament describes the introduction of an EU “Cyber Solidarity Act” as a response to the increasing dependence on digital technology and the resulting vulnerability to cyberattacks, particularly on critical infrastructure.

This legislative proposal aims to strengthen the EU’s solidarity and capacity to detect, prepare for and respond to cyber threats and incidents. The proposal comprises three pillars: the establishment of a European cyber shield, the creation of a cybersecurity emergency mechanism and the establishment of a mechanism to review cybersecurity incidents.

The proposal was introduced on April 18, 2023, and has already gone through various stages of legislation. Details on the initiative can be found here in our Regulatory Update from April 2023.
The EU Council and Parliament are currently finalizing the proposed text, which will then enter the trilogue negotiations next.

You can find the Parliament’s briefing on the current status here on its website.

Cyber risks and inconsistent regulatory landscapes are not only a challenge at European level, but also internationally. The European Parliament attributes this primarily to financial services provided by BigTech — and recommends internationally holistic regulatory approaches, better cooperation and dialog.

At ADWEKO, we keep an eye on national, European, and international regulations for you.

The current regulatory developments can be found here.

First law to amend the Federal Data Protection Act

Cookie	Duration	Description
cookielawinfo-checkbox-analytics		This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional		The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary		This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others		This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance		This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy		The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.