Handelszeiten in Europa
-
-
ESAs published joint Final report on the draft technical standards on subcontracting under DORA
ESAs published joint Final report on the draft technical standards on subcontracting under DORA
The three European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) today published their joint Final report on the draft Regulatory Technical Standards (RTS) specifying how to determine and assess the conditions for subcontracting information and communication technology (ICT) services that support critical or important functions under the Digital Operational Resilience Act (DORA). These RTS aim at enhancing the digital operational resilience of the EU financial sector by strengthening the financial entities’ ICT risk management over the use of subcontracting.
These RTS focus on ICT services provided by ICT subcontractors that support critical or important functions, or material parts of them. In addition, they specify the requirements throughout the lifecycle of contractual arrangements between financial entities and ICT third-party service providers. In particular, they require financial entities to assess the risks associated with subcontracting during the precontractual phase, including the due diligence process.
Requirements for the implementation and management of contractual arrangements on subcontracting conditions are defined with these RTS, to ensure that financial entities monitor the subcontractors effectively underpinning the ICT services that support critical or important functions and remain in control of their risks.
Today’s RTS finalise the publication of the ESAs’ second batch of regulatory products under DORA.
Further information:
Cristina Bonillo
Senior Communications Officer
press@esma.europa.euAleksandra Bojanić
Senior Communications Officer
press@esma.europa.eu26/07/2024 JC 2024 53Final report on the draft technical standards on subcontracting under DORA ESMA sets out its long-term vision on the functioning of the Sustainable Finance Framework
ESMA sets out its long-term vision on the functioning of the Sustainable Finance Framework
The European Securities and Markets Authority (ESMA), the EU’s financial markets regulator and supervisor, has today published an Opinion on the Sustainable Finance Regulatory Framework, setting out possible long-term improvements.
ESMA acknowledges that the EU Sustainable Finance Framework is already well developed and includes safeguards against greenwashing. At the same time, ESMA considers that, in the longer-term, the Framework could further evolve to facilitate investors’ access to sustainable investments and support the effective functioning of the Sustainable Investment Value Chain.
Main recommendations for the European Commission’s consideration:
- The EU Taxonomy should become the sole, common reference point for the assessment of sustainability and should be embedded in all Sustainable Finance legislation;
- The EU Taxonomy should be completed for all activities that can substantially contribute to environmental sustainability and a social taxonomy developed;
- A definition of transition investments should be incorporated into the Framework to provide legal clarity and support the creation of transition-related products;
- All financial products should disclose some minimum basic sustainability information, covering environmental and social characteristics;
- A product categorisation system should be introduced catering to sustainability and transition, based on a set of clear eligibility criteria and binding transparency obligations;
- ESG data products should be brought into the regulatory perimeter, the consistency of ESG metrics continue to be improved, reliability of estimates ensured; and
- Consumer and industry testing should be carried out before implementing policy solutions to ensure their feasibility and appropriateness for retail investors.
This Opinion builds on the findings of the ESMA Progress Report on Greenwashing and the Joint ESAs Opinion on the review of the SFDR. The Opinion also represents the last component of ESMA's reply to the EC Request for input related to greenwashing, next to the Final Report on Greenwashing.
24/07/2024 ESMA36-1079078717-2587Opinion on the functioning of the Sustainable Finance Framework ESMA publishes its follow-up report to the Fast Track Peer Review on Wirecard
ESMA publishes its follow-up report to the Fast Track Peer Review on Wirecard
The European Securities and Markets Authority (ESMA), EU’s financial markets regulator and supervisor, published today its Follow-up Report to the Wirecard Fast Track Peer Review assessing the progress made with respect to the recommendations formulated in 2020.
This report follows up on the implementation of the recommendations made in the previous Wirecard Fast Track Peer Review Report.
Among the key findings, ESMA highlights the following:
- Germany’s supervisory system in financial reporting was substantially revised and strengthened, discontinuing the 2-tier system and entrusting all supervision to the German Federal Financial Supervisory Authority (BaFin);
- BaFin’s independence from issuers and government improved with the set-up of a framework for managing conflicts of interests applicable to all staff and principles of cooperation formalised between BaFin and the Government;
- the selection model and examination procedure are improved,
- the investigative powers, cooperation and exchange of information are expanded;
- BaFin now fully complies with the Guidelines on Enforcement of Financial Information (GLEFI).
ESMA had previously carried out a Peer Review under the ESMA Regulation and Peer Review Methodology, in the form of a Fast Track procedure and focusing on only one jurisdiction and one issuer.
Further information:
Sarah Edwards
Senior Communications Officer
press@esma.europa.euCristina Bonillo
Senior Communications Officer
press@esma.europa.euESAs published second batch of policy products under DORA
ESAs published second batch of policy products under DORA
The three European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) published today the second batch of policy products under the Digital Operational Resilience Act (DORA). This batch consists of four final draft regulatory technical standards (RTS), one set of Implementing Technical Standards (ITS) and 2 guidelines, all of which aim at enhancing the digital operational resilience of the EU’s financial sector.
The package focuses on the reporting framework for ICT-related incidents (reporting clarity, templates) and threat-led penetration testing while also introducing some requirements on the design of the oversight framework, which enhance the digital operational resilience of the EU financial sector, thus also ensuring continuous and uninterrupted provision of financial services to customers and safety of their data.
The ESAs are publishing the following final draft technical standards:
- RTS and ITS on the content, format, templates and timelines for reporting major ICT-related incidents and significant cyber threats;
- RTS on the harmonisation of conditions enabling the conduct of the oversight activities;
- RTS specifying the criteria for determining the composition of the joint examination team (JET); and
- RTS on threat-led penetration testing (TLPT).
The set of guidelines include:
- Guidelines on the estimation of aggregated costs/losses caused by major ICT-related incidents; and
- Guidelines on oversight cooperation.
Next steps
The guidelines have already been adopted by the Boards of Supervisors of the three ESAs. The final draft technical standards have been submitted to the European Commission, which will now start working on their review with the objective to adopt these policy products in the coming months. The remaining RTS on Subcontracting will be published in due course.
Background
The public consultation on all the above-mentioned technical standards and guidelines took place from 8 December 2023 to 4 March 2024. The ESAs received more than 364 responses from market participants (265 for the technical standards and 99 for the two guidelines), including a joint response from ESAs’ stakeholder groups. The RTS on JET has been consulted on separately from 18 April to 18 May and brought forward 9 responses from stakeholders. All these public consultations led to specific changes to the technical standards, ensuring simplification and streamlining of the requirements, greater proportionality and addressing sector-specific concerns. ESAs have consulted with the European Central Bank (ECB) and European Union Agency for Cybersecurity (ENISA) for the technical standards relating to incident reporting.
Further information:
Cristina Bonillo
Senior Communications Officer
press@esma.europa.eu17/07/2024 JC 2024 29Final Report on draft RTS specifying elements related to threat led penetration tests 17/07/2024 JC 2024 33Final report on the draft RTS and ITS on incident reporting 17/07/2024 JC 2024 34Final Report on Joint Guidelines on the estimation of aggregated annual costs and losses caused by major ICT-related incidents 17/07/2024 JC 2024-35Final Report on draft RTS on harmonisation of conditions enabling the conduct of the oversight activities ESAs establish framework to strengthen coordination in case of systemic cyber incidents
ESAs establish framework to strengthen coordination in case of systemic cyber incidents
The three European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) will establish the EU systemic cyber incident coordination framework (EU-SCICF), in the context of the Digital Operational Resilience Act (DORA), that will facilitate an effective financial sector response to a cyber incident that poses a risk to financial stability, by strengthening the coordination among financial authorities and other relevant bodies in the European Union, as well as with key actors at international level.
Over the coming months, the ESAs will kickstart the implementation of the framework by setting up:
- the EU-SCICF Secretariat, supporting the functioning of the framework;
- the EU-SCICF Forum, working on testing and maturing the functioning;
- the EU-SCICF Crisis Coordination, facilitating during a crisis the coordination of actions by the participating authorities.
The ESAs will identify legal and other operational hurdles encountered during the initial set up and report these to the European Commission. The further development of the framework will be subject to the availability of resources and other measures taken by the European Commission.
Background
After identifying a shortfall in crisis management frameworks that could lead to a lack of financial sector coordination in the event of a significant cross-border information and communication technologies (ICT) incident, the European Systemic Risk Board (ESRB) recommended the ESAs to build on the role foreseen in the Digital Operational Resilience Act (DORA), and to gradually develop a pan-European systemic cyber incident coordination framework (EU-SCICF).
Further information:
Cristina Bonillo
Senior Communications Officer
press@esma.europa.eu17/07/2024 EU-SCICFOne Pager on EU-SCICF
-