Fintech Focus Podcast | Navigating IT and Security Risks in Fintechs in Light of Impending DORA Deadline
The European Parliament's Committee on Economic and Monetary Affairs (ECON) has released a draft report (dated 14 May) and motion for a European Parliament resolution on the impact of artificial intelligence (AI) on the...more
As regulatory frameworks tighten and cybersecurity threats grow in complexity, operational resilience is, now more than ever, a boardroom challenge for banks....more
The Financial Services Regulatory Initiatives Forum (the Forum) has published the Regulatory Initiatives Forum Grid (the Grid), with the UK Financial Conduct Authority (FCA) also updating its webpage. The previous Grid was...more
The Financial Stability Board (FSB) has published its finalised Format for Incident Reporting Exchange (FIRE), together with a press release and updated webpage. FIRE provides a standardised format for financial institutions...more
Introduction to DORA and its Implications - As of Jan.17, 2025, the European Union’s Digital Operational Resilience Act (DORA) became enforceable. This new regulatory framework significantly impacts financial institutions and...more
The European Commission (EC) has announced that it has opened infringement procedures by sending a letter of formal notice to 13 Member States (Belgium, Bulgaria, Denmark, Greece, Spain, France, Latvia, Lithuania, Malta,...more
The EU Digital Operational Resilience Act (DORA) took effect on 17 January 2025 after a two-year implementation period. DORA sets out new requirements for financial entities (FEs) and their information technology and...more
The European Securities and Markets Authority (ESMA) has published official translations of its guidelines on situations in which a third-country firm is deemed to solicit clients established or situated in the EU and...more
Two delegated acts were published in the Official Journal of the European Union (OJ) in respect of the EU Digital Operational Resilience Act (DORA). These are: - Commission Delegated Regulation (EU) 2025/301, which comprises...more
The European Central Bank (ECB) has published an updated version of the threat intelligence-based ethical red teaming framework (TIBER-EU framework) (dated January) to align with the Digital Operational Resilience Act (DORA)...more
The European Commission (EC) has adopted a Commission Delegated Regulation supplementing the Digital Operational Resilience Act (DORA) with regard to RTS specifying the criteria used for identifying financial entities...more
The Markets in Crypto-Assets Regulation (Regulation (EU) 2023/1114) (henceforth “MiCA”), which entered into force in June 2023, seeks to establish a comprehensive regulatory framework for crypto-assets across the EU. However,...more
The European Supervisory Authorities (“ESAs”) published a roadmap to designate critical ICT third-party service providers (“CTPPs”) under the Digital Operational Resilience Act (“DORA”). To designate an ICT third-party...more
The European Commission has published a letter (dated 21 January 2025) addressed to the Joint Committee of the European Supervisory Authorities (ESAs) rejecting certain draft regulatory technical standards (RTS) the ESAs...more
The Financial Markets Standards Board has published the final version of its standard for sharing standard settlement instructions. The standard establishes core principles which set out expected practices for the sharing of...more
The European Insurance and Occupational Pensions Authority recently published the European Commission’s response (Q&A 2999) on the question of which services fall under the definition of “ICT services” under Article 3(21) of...more
What has happened: On 21 January 2025, the European Commission sent a letter to the Chair of the Joint Committee of the ESAs with its decision to reject the draft Regulatory Technical Standards (“RTS”) on subcontracting...more
European regulators recently published clarifications on the scope of ICT services under the EU Digital Operational Resilience Act (DORA), prepared by the European Commission, which confirms previous guidance and enables...more
Firms involved in implementing changes to comply with new rules under the EU Digital Operational Resilience Act (DORA) have questioned whether financial services provided by other regulated firms may fall within the...more
The European Banking Authority has announced that it has repealed its guidelines on major incident reporting under the revised Payment Services Directive due to the application of harmonized incident reporting under the...more
Regulation (EU) 2022/2554 on digital operational resilience for the financial sector (“DORA”), which establishes a uniform set of requirements relating to the security of network and information systems supporting financial...more
Beginning 17 January 2025, the Digital Operational Resilience Act (DORA) will apply to almost all EU financial entities, including banks, insurers and reinsurers, brokers , payment and electronic money institutions,...more
Starting January 17, 2025, the Digital Operational Resilience Act (DORA) will require financial entities and their critical information and communication technology (ICT) service providers to comply with enhanced...more
Digital Operational Resilience Act (DORA) aims to harmonize provisions related to cybersecurity and information and communication technology (ICT) risk management in the financial sector. Its scope covers nearly all entities...more