The adoption of innovative technology by European banks requires a balance between a reliable and consistent framework of financial regulation and flexibility to adapt to changing business models.
The
inherently cross-border nature of digital service solutions needs to be
addressed by banks, regulators, and digital service providers on common
ground, looking for the secure facilitation of financial service
innovation across Europe. An appropriate and harmonized pan-European
legal framework is key to facilitate adoption of innovative technology.
Consequently, the EBF welcomes the European Commission’s aim to
enhance operational resilience in Europe. The financial industry’s own
considerations will benefit from more harmonized ICT-related rules at
the European level, aligned with the existing supervisory framework
today. Detrimental fragmentation of the regulatory framework should be
avoided, addressing risks consistently and proportionately across
European jurisdictions without hampering the financial industry’s
ability to apply innovative services.
With this position paper, the EBF addresses the proposal for a
Regulation on digital operational resilience for the financial sector,
as published by the Commission in September 2020.
KEY MESSAGES •The EBF calls for a risk-based approach and the consistent application of theproportionality principle across DORA consistently. (p. 8; p. 22; p. 23)•The EBF calls for a fully harmonized cyber incident reporting framework. (p.16)•The EBF calls for an EU-wide mutually recognized digital operational testing framework. (p.19)•The EBF calls for an alignment of DORA’s requirement for financial entities withexisting supervisory guidance under the EBA guidelines on outsourcing and ICTand security risk management. (p. 23)•The EBF emphasizes the need for close attention to the implicated additionalburden for critical third-party providers’ (CTPPs) customers under the proposedoversight framework. Access to innovation must not be detrimentally limited dueto disproportionate obligations and limits for the provider selection. (p. 23, p.29)•The EBF understands an appropriately designed oversight framework for CTPPs tobe of added value for TPP customers. (p. 30)•The EBF emphasizes that termination of the contractual arrangement by thecompetent authority should not be a standard enforcement tool, since it carriessignificant risk. (p. 31)•The EBF calls for enabling the establishment of meaningful and voluntary cyberthreat information-sharing arrangements among trusted circles. (p. 35)•The EBF believes that the numerous Regulatory Technical Standards (RTS)delegated to the ESAs should not be too prescriptive, providing flexibility in themeasures they adopt. (p.37)
EBF
© EBF
Key
Hover over the blue highlighted
text to view the acronym meaning
Hover
over these icons for more information
Comments:
No Comments for this Article