Operational resilience
The asset management industry is heavily reliant on information and communication technology (ICT). This trend is only set to intensify, on the back of fresh digital-technology challenges, including improvement of data availability, digitalization of assets, new processes in custody and settlement.
Against this backdrop, EFAMA has become increasingly more active on the topics of operational resilience and cybersecurity, supporting the European Commission’s intent to develop a harmonised framework for ICT risks and operational resilience. Principles and risk-based requirements should enable firms to implement controls that are future-proof, flexible, proportionate, and commensurate to the risks. On this basis, EFAMA is engaging with policy makers negotiating the Digital Operational Resilience Act (DORA) and contributing to cyber-prevention also jointly with other trade associations.
EFAMA's views on further criteria for critical ICT Third Party Service Providers (CTPPs) and oversight fees levied on such providers
EFAMA responds to Commission consultation on digital operational (cyber) resilience in financial services
As players in a globalised and technologically-driven financial services industry, asset management companies face cyber-security risks on a daily basis. Cyber-attacks aim mainly at obtaining, or restricting access to, sensitive data, related to clients and/or to portfolio construction and composition, trading and risk management, among other asset management functions.
Proposed changes to DORA require more proportionality and simplicity
EFAMA has responded to the public consultations launched by the European Supervisory Authorities’ (ESAs) on draft regulatory technical standards (RTS) and implementing technical standards (ITS) supplementing the Digital Operational Resilience Act (DORA). Their purpose is to establish further details on the core elements of this regulation harmonising how information and communication technology (ICT) risks are to be addressed in the financial sector.
ESAs consultation paper on draft RTS on specifying the criteria for the classification of ICT related incidents, materiality thresholds for major incidents and significant cyber threats under regulation (EU) 2022/2554
ESAs consultation paper on draft ITS to establish templates composing the register of information in relation to all contractual arrangements on the use of ICT services provided by ICT third-party service providers as mandated by regulation (EU) 2022/2554
