Roger Thiel’s Post

Yesterday the European Supervisory Authorities (EBA, EIOPA, and ESMA – the ESAs) have announced a voluntary exercise launching in May for the collection of registers of information on the use of ICT third-party service providers. This exercise is a precursor to the Digital Operation Resilience Act (DORA) requirements starting from 2025. This dry run is designed to help you prepare for establishing your register of information, gathering the relevant data, and reporting your registers to your respective competent authorities. The ESAs aim is to support you in building your register of information, testing the reporting process, addressing data quality issues, and improving internal processes. The ESAs will provide feedback on data quality, return cleaned files, organize workshops, and answer FAQs. The data collection is set to launch in May 2024, with submissions due between 1 July and 30 August. #RiskManagement #DORA #DigitalResilience #ESAs #MillimanAI #Milliman #Millimanbenelux #milliman

📢 #ESAs to run voluntary dry run exercise to prepare industry for the next stage of #DORA implementation Today the ESAs announced a voluntary exercise starting in May to collect information on financial entities' use of ICT third-party service providers. This initiative, preparing for mandatory requirements under DORA that will apply starting in 2025, aims to help financial entities prepare for maintaining and reporting registers of their ICT third-party usage. Information will be gathered through their competent authorities in this preparatory exercise. https://lnkd.in/eAyirmkz

European Single Electronic Format #ESEF | ESMA updated its Reporting Manual on ESEF supporting a harmonised approach for the preparation of annual financial reports. ESMA has also updated the Annex II of the Regulatory Technical Standards on ESEF → https://lnkd.in/gxGcA5us. 👤 issuers are expected to follow this guidance for their 2024 annual financial reports ✅ recommendations when tagging empty fields or dash symbols ✅ clarifying that extension elements should be anchored to core elements sharing the same data type ✅ advising on practices to further improve the readability of the information extracted from a block tag ✅ encouraging the use of unique identifiers for each tagged fact

🚨Interesting news from the European Supervisory Authorities (#EBA, #EIOPA, #ESMA)! 👉 In May, a pivotal initiative will kick off to prepare financial institutions for the 2025 implementation of the Digital Operational Resilience Act (#DORA). This #voluntary exercise is designed to help firms get ahead in managing their #ICT #thirdparty service information. 👉 Participants will benefit from hands-on support, ensuring their data management processes are robust and compliant. 🗓️ Mark your calendars for the data submission window: July 1 - August 30, 2024. #FinancialServices #DORA #OperationalResilience #DigitalInnovation #DigitalFinance #FinTech #ComplianceManagement #FinancialRegulation #FinancialInnovation #DigitalBanking #CyberSecurity #ThirdPartyRisk

The FMA has released its first insights report into supervision activities and monitoring of the Financial Advice Provider (FAP) sector. The report highlights that FAPs and financial advisers have generally made good progress in transitioning to the new requirements. The FMA commented that they have seen FAPs using the new requirements to further serve the needs of their clients and build stronger and more resilient businesses. But the FMA also emphasised the need to avoid a 'tick the box' approach to compliance. They identified gaps that, if they remain unchecked, could escalate into poor outcomes for clients. Everyone can learn from these insights. FAPs and financial advisers should assess and improve their operations to align with the overarching objective to serve the needs of clients and invest the effort and time to ensure their arrangements are fit to achieve this. Read more... https://lnkd.in/g5iKubJa

The #oversight framework on critical #ICT third-party providers #cTPP is one of the main innovations of #DORA. The voluntary exercise launched today by the three #ESA is very useful for the framework definition but also for financial entities that want to test the completeness of their information about third parties according to the requirements included in the #ITS on the registry of information. DORA is coming (cit.) #cyber #cyberresilience #digitalresilience #cybersecurity #thirdpartyrisk #regulation #cyberrisk #RoI

Interesting news from the ESAs - preparing the industry for the next stages of DORA (Digital Operational Resilience Act) ✅️ In this context, some important definitions given by the Regulation (EU) 2022/2554 on digital operational resilience 🔎 👉 'ICT risk' means any reasonably identifiable circumstance in relation to the use of network and information systems which, if materialised, may compromise the security of the network and information systems, of any technology dependent tool or process, of operations and processes, or of the provision of services by producing adverse effects in the digital or physical environment; 👉 'ICT third party risk' means an ICT risk that may arise for a financial entity in relation to its use of ICT services provided by ICT third - party service providers or by subcontractors of the latter, including through outsourcing arrangements; Additionally, Chapter V (Managing of ICT third - party risk), Article 28, defines general principles, some of which are: "Financial entities shall manage ICT third - party risk as an integral component of ICT risk within their ICT risk management framework as refered to in Article 6(1) and in accordance with the following principles: (a) financial entities that have in place contractual arrangements for the use of ICT services to run their business operations shall, at all times, remain fully responsible for compliance with, and the discharge of, all obligations under this Regulation and applicable financial services law; (b) financial entities' management of ICT third - party risk shall be implemented in the light of the principle of proportionality, taking into account: (i) the nature, scale, complexity and importance of ICT - related dependencies, (ii) the risks arising from contractual arrangements on the use of ICT services concluded with ICT third - party service providers, taking into account the criticality or importance of the respective service, process or function, and the potentional impact on the continuity and availability of financial services and activities, at individual and at group level." ➡️ Article 28(9) of DORA mandates the European Supervisory Authorities (ESAs) to develop draft implementing technical standards to establish the standard templates for the purposes of the register of information, including information that is common to all contractual arrangements on the use of ICT services. #DORA will apply as of 17 January 2025 - the date is getting closer and closer ⏳️

#DORA #ESMA #EBA #EIOPA #BAFIN #ICT ESAs to run voluntary dry run exercise to prepare industry for the next stage of DORA implementation The European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) announced that they will launch in May 2024 the voluntary exercise for the collection of the registers of information of contractual arrangements on the use of ICT third-party service providers by the financial entities. Under the Digital Operation Resilience Act (DORA) and starting from 2025, financial entities will have to maintain registers of information regarding their use of ICT third-party providers. In this dry run exercise, this information will be collected from financial entities through their competent authorities and will serve as preparation for the implementation and reporting of registers of information under DORA. The ESAs and the competent authorities are introducing this voluntary exercise to help financial entities prepare for establishing their register of information, gathering the relevant information specified in the ESAs’ final draft Implementing Standards on the registers of information and reporting their registers of information to their respective competent authorities, who will, in turn, provide those to the ESAs. Financial entities participating in the dry run will receive support from the ESAs to: (1) build their register of information in the format as close as possible to the steady-state reporting from 2025, (2) test the reporting process, (3) address data quality issues, and (4) improve internal processes and quality of their registers of information. As part of the exercise, the ESAs will provide feedback on data quality to financial entities participating, return cleaned files with their register of information, organise workshops and respond to frequently asked questions. Next steps The ad-hoc data collection is expected to be launched in May 2024 with the financial entities expecting to submit their registers of information to the ESAs through their competent authorities between 1 July and 30 August. This approach might be a chance to test parts of being DORA compliant officially and show the importance for all EU regulators re DORA readyness. Best regards Hartmut Renz You will find the document here: https://lnkd.in/eyDaihum  

ESMA publishes the 2024 ESEF Reporting Manual

ESMA publishes the 2024 ESEF Reporting Manual