ESAs establish cyber crisis management framework
18 July 2024 Europe
Image: Sikov/stock.adobe.com
The European Supervisory Authorities (ESAs) will establish the EU systemic cyber incident coordination framework (EU-SCICF), in the context of the Digital Operational Resilience Act (DORA).
The ESAs consist of the European Banking Authority (EBA), the European Insurance and Occupational Pensions Authority (EIOPA), and the European Securities Markets Authority (ESMA).
Through this framework, the organisations aim to facilitate an effective financial sector response to a cyber incident that poses a risk to financial stability.
The EU-SCIC is designed to strengthen coordination among financial authorities and other relevant bodies in the European Union, as well as with key actors at international level.
This move comes after the European Systemic Risk Board (ESRB) identified a shortfall in crisis management frameworks that could lead to a lack of financial sector coordination in the event of a significant cross-border ICT incident.
Over the coming months, the ESAs will start implementing the framework by setting up three institutions — EU-SCICF Secretariat, EU-SCICF Forum, and EU-SCICF Crisis Coordination.
In addition, the ESAs have published a second batch of policy products under the DORA regulation, following a public consultation.
The ESAs will identify legal and other operational obstacles encountered during the initial set-up and report these to the European Commission, which will oversee the further development of the framework.
This second batch includes four final draft regulatory technical standards (RTS), one set of implementing technical standards (ITS), and two guidelines, all of which aim to enhance the digital operational resilience of the EU’s financial sector.
The package focuses on the reporting framework for ICT-related incidents and threat-led penetration testing, while also introducing some requirements for the oversight framework to ensure continuous, uninterrupted provision of financial services to customers and safety of their data.
The boards of supervisors of the ESAs have already adopted the guidelines, and the European Commission will now begin working on their review to adopt these policy products in the coming months.
According to ESMA, the remaining RTS on subcontracting will be published “in due course”.
The ESAs consist of the European Banking Authority (EBA), the European Insurance and Occupational Pensions Authority (EIOPA), and the European Securities Markets Authority (ESMA).
Through this framework, the organisations aim to facilitate an effective financial sector response to a cyber incident that poses a risk to financial stability.
The EU-SCIC is designed to strengthen coordination among financial authorities and other relevant bodies in the European Union, as well as with key actors at international level.
This move comes after the European Systemic Risk Board (ESRB) identified a shortfall in crisis management frameworks that could lead to a lack of financial sector coordination in the event of a significant cross-border ICT incident.
Over the coming months, the ESAs will start implementing the framework by setting up three institutions — EU-SCICF Secretariat, EU-SCICF Forum, and EU-SCICF Crisis Coordination.
In addition, the ESAs have published a second batch of policy products under the DORA regulation, following a public consultation.
The ESAs will identify legal and other operational obstacles encountered during the initial set-up and report these to the European Commission, which will oversee the further development of the framework.
This second batch includes four final draft regulatory technical standards (RTS), one set of implementing technical standards (ITS), and two guidelines, all of which aim to enhance the digital operational resilience of the EU’s financial sector.
The package focuses on the reporting framework for ICT-related incidents and threat-led penetration testing, while also introducing some requirements for the oversight framework to ensure continuous, uninterrupted provision of financial services to customers and safety of their data.
The boards of supervisors of the ESAs have already adopted the guidelines, and the European Commission will now begin working on their review to adopt these policy products in the coming months.
According to ESMA, the remaining RTS on subcontracting will be published “in due course”.
NO FEE, NO RISK
100% ON RETURNS If you invest in only one securities finance news source this year, make sure it is your free subscription to Securities Finance Times
100% ON RETURNS If you invest in only one securities finance news source this year, make sure it is your free subscription to Securities Finance Times
