DORA Regulation: AFME Discussion on Third Party Criteria

AFME responded to the DORA consultation, stressing a targeted approach to high-risk TPPs. They suggest a risk-based framework for efficient resource allocation and advocate for using existing Outsourcing Registers to tackle data collection issues, specifically regarding subcontractors.

DORA Regulation: AFME Discussion on Third Party Criteria
EU Digital Operational Resilience

Joint European Supervisory Authority Discusses DORA Criteria for Critical Third-Party Providers

Source: Association for Financial Markets in Europe Keywords DORA TPP

The Association for Financial Markets in Europe (AFME) has provided a consultation response to the Joint European Supervisory Authority's discussion paper on the Digital Operational Resilience Act (DORA). The response emphasizes the need for a targeted and limited scope, focusing on capturing those Third Party Providers (TPPs) that pose a potential systemic risk. AFME suggests that the European Supervisory Authorities (ESAs) should develop a framework that concentrates on a targeted and risk-based approach, allowing for a more efficient allocation of regulatory and supervisory resources. The response raises concerns about the availability and collection of data, particularly in relation to subcontractors (fourth-party providers). AFME recommends leveraging existing databases such as the Outsourcing Registers to avoid the challenges and burdens associated with creating new DORA-specific data attributes.

AFME's Response to DORA: Shaping the Future of Digital Operational Resilience in European Financial Markets

The Association for Financial Markets in Europe (AFME) has provided a consultation response to the Joint European Supervisory Authority's discussion paper on the Digital Operational Resilience Act (DORA). This response holds significant implications for the future development of the digital operational resilience framework in Europe and highlights key considerations for financial institutions operating as Third Party Providers (TPPs) and subcontractors (fourth-party providers).

The AFME's emphasis on a targeted and limited scope within the regulatory framework demonstrates a focus on capturing TPPs that pose potential systemic risks. By adopting a risk-based approach, regulatory and supervisory resources can be allocated more efficiently, ensuring that the most significant risks are adequately addressed. This approach is a step towards creating a more streamlined and effective regulatory environment, promoting stability and growth within European financial markets.

However, the AFME's response also sheds light on the challenges related to data collection and availability. Particularly, the difficulty of obtaining data from subcontractors raises concerns regarding the need for direct engagement between authorities and TPPs. Leveraging existing databases, such as the Outsourcing Registers, could serve as a viable solution to overcome these challenges and reduce the burden on financial entities. Nevertheless, this approach may necessitate further harmonization and standardization of operational resilience frameworks and data attributes, ensuring a cohesive and integrated system.

In the long term, the adoption of AFME's recommendations could lead to a more robust and efficient digital operational resilience framework. By addressing evolving risks and challenges in the financial industry, this framework would contribute to the stability and growth of European financial markets. Moreover, it would support economic development and benefit society as a whole.

To stay compliant with DORA, TPPs should proactively focus on implementing operational resilience measures that mitigate potential systemic risks. Strengthening data management and collection practices, especially concerning subcontractors, will be crucial. Regularly monitoring developments and guidelines from the European Supervisory Authorities (ESAs) will enable TPPs to stay informed and adapt to evolving regulatory requirements. Additionally, actively participating in the development of a targeted and risk-based framework will allow TPPs to contribute their expertise and perspectives.

In summary, the AFME's response to the DORA discussion paper signifies a crucial step towards the future of the digital operational resilience framework in Europe. By advocating for a targeted and risk-based approach, addressing challenges related to data collection, and emphasizing the importance of direct engagement with authorities, the financial industry can strive towards a more resilient and efficient regulatory landscape. By embracing these recommendations, financial institutions can foster stability, growth, and economic development within European financial markets.

Read More

ESAs Discussion Paper on criticality criteria and oversight fees on DORA
The European Supervisory Authorities (EBA, EIOPA and ESMA - ESAs) today published a joint Discussion Paper seeking stakeholders’ input on aspects of the Digital Operational Resilience Act (DORA). This Discussion Paper follows the European Commission’s request for technical advice on the criteria…

Grand is Live

Check out our GPT4 powered GRC Platform

Sign up Free

Reduce your
compliance risks