DORA Amendments: EFAMA on Regulation Standards

DORA's proposed revisions raise concerns in the EU's financial sector. While aiming for enhanced transparency and digital resilience, the "one size fits all" approach might burden smaller entities. Industry feedback, such as EFAMA's, highlights challenges like unnecessary data retention.


DORA Amendments Urged for Greater Proportionality and Simplicity


The European Fund and Asset Management Association (EFAMA) has voiced its concerns on the proposed changes to the Digital Operational Resilience Act (DORA). The association has highlighted the need for a proportionate and simpler approach in the draft regulation standards. Currently, DORA applies to a wide spectrum of entities, from credit institutions to asset management firms, each with varying degrees of reliance on information and communication technology (ICT) services. EFAMA argues that the proposed uniform approach could prove excessive for many, especially asset management companies. The association also criticises the complex templates required for the register on contractual ICT service arrangements. EFAMA suggests that information on service providers could be more efficiently supplied by the providers themselves, instead of by financial entities. The association also questions the necessity of retaining data on terminated contracts for 5 years and including sensitive contract details. Finally, while EFAMA acknowledges the attempt to provide clarity on major ICT-related incidents, it warns that the proposed methodology could lead to an over-identification of incidents, making it more difficult to identify the truly significant ones.

DORA Revisions and the Financial Sector: Striking a Balance Between Operational Resilience and Efficiency

The financial landscape of the European Union is poised for potential transformation as the Digital Operational Resilience Act (DORA) undergoes revisions. With associations like the European Fund and Asset Management Association (EFAMA) expressing concerns, it's imperative to delve deeper into the nuances of these proposed changes and their implications for the financial ecosystem.

The crux of EFAMA's apprehension lies in DORA's attempt to implement a "one size fits all" approach, which could introduce an array of complexities, especially for smaller financial entities like asset management firms. Such an approach could inadvertently stifle innovation by deterring newcomers due to the bureaucratic maze and resource-intensive requirements.

On the brighter side, the draft's intent seems to be ushering in a higher degree of transparency and accountability, crucial for bolstering public confidence. An enhanced focus on ICT risk management might also kindle growth in the ICT sector as institutions prioritize fortifying their digital infrastructures.

Operational Challenges and the Way Forward

The changes, however, don't come without operational challenges. EFAMA's feedback underscores the intricacies of the proposed register on contractual ICT service arrangements. Rather than institutions maintaining these intricate registers, allowing service providers to directly provide this information could streamline processes, eliminating duplications and subsequently reducing operational costs. Furthermore, the stipulation to store data on terminated contracts for half a decade could be seen as an unnecessary retention overhead.

An equally pressing concern is the proposed methodology to identify ICT-related incidents. There's a looming risk of trivial incidents overshadowing significant threats, which in turn could escalate the sector's vulnerability to cyber threats. Such vulnerabilities, if realized, could ripple into uncertainties surrounding financial stability and consumer trust.

As the EU navigates the revisions to DORA, striking a balance between resilience and operational efficiency is paramount. It is essential to heed feedback from industry stakeholders like EFAMA and others. Crafting a resilient, transparent, yet efficient regulatory framework will not only safeguard the financial sector but also ensure its growth and innovation in a digital age.

Read More

Proposed changes to DORA require more proportionality and simplicity | EFAMA
EFAMA has responded to the public consultations launched by the European Supervisory Authorities (ESAs) on draft regulatory technical standards (RTS) and implementing technical standards (ITS) supplementing the Digital Operational Resilience Act (DORA). Their purpose is to establish further details…
