ESA: DORA & ICT Third Party Providers

On May 26th, 2023, the ESA released a discussion paper on delegated acts under DORA. It addresses criteria for critical ICT third-party providers and supervisory fees. The paper presents unified standards for assessing "criticality," but lacks clarity on their application in determining providers.

ESA: DORA & ICT Third Party Providers
EU Financial Regulation

ESA Releases Discussion Paper on DORA Delegated Acts

Source: Die Deutsche Kreditwirtschaft Keywords DORA ICT

On 26th May 2023, the European Supervisory Authorities (ESA) released a discussion paper on two delegated acts from the Digital Operational Resilience Act (DORA) concerning the establishment of further criteria for critical ICT third-party providers and the determination of supervisory fees to be levied on these providers. The paper outlines the quantitative and qualitative criteria and indicators as unified standards for assessing the "criticality" of ICT service providers by the ESA. However, it should be made clearer how these criteria will be used in the process of determining critical ICT service providers.




ESA's Discussion Paper on ICT Service Providers and Regulatory Implications


The European Supervisory Authorities (ESA) have recently released a discussion paper that holds significant implications for the future of ICT service providers in the European Union. This paper focuses on two delegated acts derived from the Digital Operational Resilience Act (DORA), which are aimed at establishing criteria for assessing the criticality of third-party providers and determining supervisory fees to be levied on them. These acts have the potential to reshape the regulatory landscape for financial institutions that rely on third-party ICT services.

The establishment of unified standards for assessing the criticality of ICT service providers is a notable development outlined in the discussion paper. This move towards consistency and transparency in supervision and regulation could enhance the stability and resilience of the European financial system. By implementing a standardized approach to evaluating the criticality of ICT service providers, financial institutions can expect more comprehensive scrutiny and assessment, which will ultimately contribute to strengthening operational resilience.

Another aspect addressed in the discussion paper is the determination of supervisory fees for critical ICT service providers. The level and calculation methodology of these fees may have significant financial implications for both the providers and the ESA, as well as national supervisory authorities. Financial institutions relying on third-party ICT services will need to carefully evaluate the potential impact of these fees on their cost structures, business strategies, and investment decisions. Mitigating efforts could involve adjusting budgets and implementing cost containment strategies to adapt to potential changes in supervisory fees.

The discussion paper also emphasizes the importance of clarity in the process of determining critical ICT service providers. Effective communication and cooperation between the ESA, national supervisory authorities, and the ICT service providers themselves will be crucial in achieving a transparent and well-defined process. Building trust and confidence in the regulatory framework requires a clear understanding of how the established criteria will be utilized in determining the criticality of ICT service providers. Financial institutions must actively engage in dialogue with their third-party providers to ensure alignment with the unified standards and criteria set by the ESA.

Overall, the ESA's discussion paper on the delegated acts under DORA represents a significant step towards enhancing the resilience and stability of the European financial system. Financial institutions should carefully analyze the potential impact of the proposed changes, adapt their strategies to address regulatory requirements, and foster effective communication with third-party ICT service providers. Through proactive compliance efforts, financial institutions can navigate the evolving regulatory landscape and continue to deliver robust and secure financial services.




Read More

Home - Die Deutsche Kreditwirtschaft
Am 26. Mai 2023 haben die die Europäische Finanzaufsichten ein Diskussionspapier über zwei delegierte Rechtsakte aus DORA zur Festlegung weiterer Kriterien für kritische IKT-Drittanbieter und zur Bestimmung der von diesen Anbietern zu erhebenden Aufsichtsgebühren vorgelegt.




Grand is Live

Check out our GPT4 powered GRC Platform

Sign up Free

Reduce your
compliance risks