Operational resilience
The asset management industry is heavily reliant on information and communication technology (ICT). This trend is only set to intensify, on the back of fresh digital-technology challenges, including improvement of data availability, digitalization of assets, new processes in custody and settlement.
Against this backdrop, EFAMA has become increasingly more active on the topics of operational resilience and cybersecurity, supporting the European Commission’s intent to develop a harmonised framework for ICT risks and operational resilience. Principles and risk-based requirements should enable firms to implement controls that are future-proof, flexible, proportionate, and commensurate to the risks. On this basis, EFAMA is engaging with policy makers negotiating the Digital Operational Resilience Act (DORA) and contributing to cyber-prevention also jointly with other trade associations.
ESAs consultation paper on draft RTS on specifying the criteria for the classification of ICT related incidents, materiality thresholds for major incidents and significant cyber threats under regulation (EU) 2022/2554
ESAs consultation paper on draft ITS to establish templates composing the register of information in relation to all contractual arrangements on the use of ICT services provided by ICT third-party service providers as mandated by regulation (EU) 2022/2554
ESA's consultation paper on draft RTS to further harmonise ICT Risk Management Tools, methods, processes and policies as mandated under article 15 and 16(3) of regulation (EU) 2022/2554.
Proposed changes to DORA require more proportionality and simplicity
EFAMA has responded to the public consultations launched by the European Supervisory Authorities’ (ESAs) on draft regulatory technical standards (RTS) and implementing technical standards (ITS) supplementing the Digital Operational Resilience Act (DORA). Their purpose is to establish further details on the core elements of this regulation harmonising how information and communication technology (ICT) risks are to be addressed in the financial sector.
ESAs consultation paper on draft RTS on specifying the criteria for the classification of ICT related incidents, materiality thresholds for major incidents and significant cyber threats under regulation (EU) 2022/2554
ESAs consultation paper on draft ITS to establish templates composing the register of information in relation to all contractual arrangements on the use of ICT services provided by ICT third-party service providers as mandated by regulation (EU) 2022/2554
