DORA Takes Shape: New EU Guidelines & Framework Boost Financial Sector Cyber Resilience
- James Ross
- Jul 18, 2024
The European Supervisory Authorities (ESAs) have recently released a series of reports and guidelines that significantly impact how financial entities (FEs) in the European Union will handle ICT incidents, cybersecurity, and third-party risk management under the Digital Operational Resilience Act (DORA).

Incident Reporting & Oversight: Clearer Rules, Stronger Collaboration
Key Takeaways:
Standardised Incident Reporting: The ESAs have finalised guidelines on how FEs should report major ICT incidents and cyber threats. This includes standardised templates, clearer reporting timelines, and the option for aggregated reporting under certain circumstances.
Enhanced Oversight of Critical ICT Providers: A new framework is needed to strengthen oversight of critical ICT third-party service providers (CTPPs) in the financial sector. This means greater scrutiny for those providers whose services are essential to the financial ecosystem.
Cooperation & Information Exchange: The new guidelines emphasise cooperation between ESAs and national competent authorities, ensuring consistent supervision and information sharing to address cyber threats.
What this means for Financial Entities:
These updates will require FEs to review and update their incident response procedures, ensure alignment with DORA reporting requirements, and potentially adapt to new information-sharing protocols.
Cost Estimation & Systemic Risk Response
Key Takeaways:
Cost Estimation Guidelines: The ESAs have released guidelines on how financial institutions should estimate the financial impact of major ICT incidents, helping them better understand and mitigate risks.
EU Systemic Cyber Incident Coordination Framework (EU-SCICF): This new framework will enhance coordination among financial authorities and relevant bodies to improve the sector's response to large-scale cyber incidents.
What this means for Financial Entities:
Financial institutions must establish or update their processes to estimate the costs of cyber incidents and potentially adapt to new reporting requirements under the EU-SCICF. The framework will help create a more resilient financial sector that is better prepared to handle systemic cyber threats.
Looking Ahead
These initiatives represent a significant step in strengthening the European financial sector's cyber resilience. They underscore the growing importance of cybersecurity in the financial world and highlight the need for ongoing vigilance and preparedness. Financial entities should proactively engage with the new guidelines and frameworks to ensure compliance, mitigate risks, and contribute to a more secure financial ecosystem.
#DORA #DigitalOperationalResilienceAct #EUSupervisoryAuthorities #Cybersecurity #FinancialSector #FinTech #RegTech