Brief

On 01/02/2023, the European Supervisory Authorities issued an update regarding the "Report on feasibility of further centralisation in reporting of major ICT-related incidents". The ESAs' joint report assesses three models for further centralisation, evaluating burden and cost reductions, as well as efficiency gains. The findings have been submitted to the European Parliament, Council, and Commission for consideration on potential future developments in the financial sector regarding incident reporting centralisation.

The three European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) published today a report on the feasibility of further centralisation in the reporting of major ICT-related incidents by financial entities according to Article 21 of the Digital Operational Resilience Act (DORA).

In line with the DORA mandate, the ESAs’ joint report explores the potential for further centralisation regarding financial entities’ reporting of major ICT-related incidents to competent authorities.
The report assesses the feasibility of three different models: the baseline model, a model with enhanced data sharing arrangements and a fully centralised model. It considers the potential burden and cost reductions, as well as the efficiency and effectiveness gains that each model would bring for cross-sector supervisory practices.
Next steps
The joint report has been submitted to the European Parliament, the European Council and the European Commission, which will consider its findings for potential future developments in relation to the further centralisation of major ICT-related incident reporting in the financial sector.
Background
The report, prepared jointly by the ESAs in accordance with Article 21 of DORA, is based on input received from Competent Authorities and the ESAs’ Stakeholders Groups. The ESAs also drew on the expertise of a renowned IT strategy firm and consulted the ECB and ENISA while drafting the report.

Further information:
Cristina Bonillo
Senior Communications Officer press@esma.europa.eu


Purpose:
The European Supervisory Authorities (EBA, EIOPA, and ESMA) have published a joint report on the feasibility of further centralising the reporting of major ICT-related incidents by financial entities in line with Article 21 of the Digital Operational Resilience Act (DORA). The purpose of this report is to assess the potential benefits and challenges of three different models for centralising major ICT-related incident reporting, including a baseline model, an enhanced data sharing arrangement model, and a fully centralised model.

Effects on Industry:
The proposed centralisation of major ICT-related incident reporting by financial entities may have significant effects on the industry, including reduced burden and costs, as well as efficiency and effectiveness gains for cross-sector supervisory practices. The report highlights that the three models assessed may bring varying levels of benefits, with the fully centralised model offering the most substantial reductions in costs and burdens. However, it also notes that the enhanced data sharing arrangement model could provide significant efficiencies without sacrificing data quality.

Relevant Stakeholders:
The stakeholders affected by this update include financial entities, competent authorities, and industry associations. Financial entities would be required to comply with new reporting requirements, while competent authorities would need to adapt their supervisory practices to take advantage of the centralised reporting models. Industry associations may also be impacted as they navigate the changing regulatory landscape.

Next Steps:
The joint report has been submitted to the European Parliament, the European Council, and the European Commission for consideration. The next steps involve reviewing the findings and potential future developments in relation to further centralising major ICT-related incident reporting in the financial sector. This may involve further consultations with stakeholders, assessment of feasibility studies, or implementation of new regulations.

Any Other Relevant Information:
The report was prepared jointly by the ESAs in accordance with Article 21 of DORA, drawing on input from competent authorities and stakeholders groups. The ESAs consulted with a renowned IT strategy firm and engaged with the European Central Bank (ECB) and ENISA while drafting the report. This level of consultation ensures that the findings are based on thorough analysis and consideration of various perspectives.

European Securities and Markets Authority
