IT Security Regulatory Update | October 2023
Focus: EBA priorities in 2024, Financial Market Digitalization Act, DORA

Highlight from October 2023
EBA sets sail for 2024
As part of its supervisory work program and the European Supervisory Examination Programme, the European Banking Authority is laying the foundations for the coming year. Among other things, it focuses on the implementation of monitoring under DORA.
EBA wants to focus on five topics in 2024
In its work program, the EBA defines five focus areas for its supervisory work until 2026. The focus over the next two years will therefore be on
- the effective and proportional implementation of the Single Rulebook,
- the promotion of financial stability in a sustainable economy,
- the creation of integrated systems for the regulatory reporting for authorities and market discipline,
- the establishment and launch of DORA monitoring and supervision under MiCAR,
- increasing the focus on innovation and consumers to enable a smooth transition to the new anti-money laundering and countering the financing of terrorism (AML/CFT) frameworks.
The EBA intends to underpin these medium-term goals in 2024 as follows: The Basel framework is to be implemented in the EU and the Single Rulebook is to be promoted. The EBA also plans to monitor financial stability and sustainability in an environment of rising interest rates and growing uncertainty. It also intends to provide data infrastructures as part of the supervisory reporting system and create the capacities for monitoring and supervision as part of DORA and MiCAR. Finally, it plans to improve innovation and consumer protection in preparation for the transition to the new AML and CFT frameworks.
You can find the EBA’s work program for 2024 here.
Source: European Banking Authority – EBA, eba.europa.eu

In addition, the EBA addressed the priorities for supervisory monitoring in the new year as part of the European Supervisory Examination Programme (ESEP). The ESEP is part of the EBA’s supervisory mandate and serves to promote supervisory convergence, as required by the EBA Regulation and the CRD.
Focus topics for 2024 are
- Liquidity and financing risks,
- Interest rate risks and hedging,
- Operationalization of recoveries.
Some of these topics were already part of the focus of the ESEP in 2023, but have become even more important in the wake of current market developments.
Furthermore, two topics of Union-wide importance (so-called USSP) were identified, which are already known from the authority’s work program: financial stability and sustainability in the current economic environment as well as monitoring under DORA and supervision under MiCAR.
You can find the EBA’s ESEP here on their website.
Source: European Banking Authority – EBA, eba.europa.eu
Draft of the Financial Market Digitalization Act published
In various legal acts within the EU, the focus is on the digitalization of the financial sector. In order to comply with some of the current European regulations and directives on the level of German legislation and in order to implement them on time, the Federal Ministry of Finance has drafted an Act on the Digitalization of the Financial Market (FinmadiG).
This implementing and accompanying law addresses the topics of cryptoassets (MiCA), money transfers (Money Transfers Act) and digital operational resilience (DORA and associated directive). Major implementations are required, particularly with regard to cryptoassets, so that a Crypto Markets Supervision Act (KMAG) is to be published as part of the FinmadiG.
In addition, amendments to various legal acts are planned to take account of the focus topics of the three regulatory complexes. These include the German Banking Act (KWG), the German Insurance Supervision Act (VAG), the German Payment Services Supervision Act (ZAG) and the German Investment Code (KAGB). In the context of DORA, in particular, supervisory powers for the federal and state supervisory authorities are documented here, including the monitoring of penetration tests and the imposition of fines.
The draft bill of the Federal Ministry of Finance can be found here.
Source: © Federal Ministry of Finance – bundesfinanzministerium.de
BaFin publishes collected information on DORA
BaFin dedicates an entire website to DORA (similar to the one we have here), where they collect the essential information about the act.
As of October, the website addresses various aspects. In addition to highlighting the focus topics of DORA, it also discusses the act's background and implementation in Germany. It also presents ongoing and completed consultations under the act and concludes with information on what financial companies should at least know about the regulation.
On this website, BaFin also links to the BMF’s draft bill, which is discussed in the previous article. Feedback thereto is possible until November 13. As a next step, the second wave of ESA consultations is to be expected, which will be published for public consultation in November or December.
You can find the BaFin website about DORA here.
Source: © German Federal Financial Supervisory Authority / www.bafin.de
You can find our ADWEKO website on digital operational resilience here. We plan to give you further insights into the topics surrounding DORA there.
Knowing the focus topics of supervisory authorities is definitely an advantage for financial companies. With a large number of relevant regulations and projects in an economically rather tense situation, regulatory priorities can help with prioritization. In this light, it is clear that financial companies should not lose sight of DORA. DORA is a focus for the EBA at both work program and ESEP level.
We at ADWEKO will be happy to assist you with the implementation of DORA and other projects.
- BSI surveys KRITIS operators on the effectiveness of the IT Security Act
- ESAs respond to the Commission’s Call for Advice on critical ICT third-party service providers
- European Commission asks for feedback on security requirements for the certification of ICT products
- European Parliament provides information on the Directive on enhancing the cybersecurity of EU public sector bodies
- BSI provides brochure on the cyber security network
- BSI publishes management flashlight on risk management in the supply chain
- BSI publishes management flashlight on the Zero Trust approach to information security
- BSI publishes documents on the path to basic protection: Checklist, flyer, management summary and procedure
- BSI offers self-assessment test for IT security
- BCBS looks at turbulent banking sector in 2023
- ESAs publish work program for 2024
- EIOPA publishes work program for 2024 together with updated strategy for 2024-2026
- EIOPA publishes Digital Strategy to guide consumers, markets and supervision through the digital transformation
- FSB publishes annual report on financial stability
- EU Commission publishes work program for 2024
- BSI looks at IT baseline protection as the foundation of information security
- BSI sheds light on the ISO 27001 certification process
- BSI looks back on 15 years of IS revision
- Deutsche Bahn reports on audits at the BSI’s 4th IT-Grundschutz Day
- BSI and ZeDIS consider the use of tools in the ISMS
- BSI provides outlook on basic IT protection