Maltese Parliament approves updates to the VFA Act ahead of MiCA
by Ganado Advocates
6th May 2024
by Ganado Advocates
13th January 2023
On 27 December 2022 Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector [1] (the “Regulation” or “DORA”) and Amending Directive (EU) 2022/2556[2] (the “Amending Directive”) were published on the Official Journal of the EU and will enter into force on 16 January 2023. The Regulation will apply from 17 January 2025. Member States are required to adopt the measures necessary to comply with the Amending Directive also by 17 January 2025.
DORA represents the EU’s response to the ever-increasing number of cyberattacks against financial institutions. It’s designed to strengthen the security of EU financial firms (the umbrella term “financial entities” is used), such as banks, insurance companies, payment and e-money institutions, investment firms, and more by imposing resilience requirements and regulating the supply chain. It is designed to ensure the services they provide are not disrupted by cyberattacks, outages or other risks to the integrity and continuity of those services.
DORA harmonises and consolidates key elements of existing digital resilience frameworks and standards within the EU[3] but it also introduces new requirements. Financial entities tend to outsource much of their IT and deal with complex architectures. It is also for this reason that DORA applies also to third party service providers of ICT services and impacts the contracts financial entities agree with those providers. The sharpened focus on third-party risk management is evident throughout DORA. The new regulation also brings into scope providers of critical information to the financial services sector such as credit rating, critical benchmarking and data reporting services as well as financial market infrastructure providers such as central securities depositories, central counterparties and trading venues.
Broadly, DORA consists of requirements in five main areas:
It is pertinent to note that DORA embraces the principle of proportionality and, thus, follows the approach found in many other regulations and in a sense, puts the onus back on the individual financial entity, to assess and justify the standard and extent of requirements that it needs to prepare for and eventually implement.
Critical to an efficient implementation of DORA will also be the awaited raft of Regulatory/Implementing Technical Standards and Guidelines which will supplement DORA. In Annex 1 to the MFSA Circular on the publication of DORA issued on the 4 January 2023,[4] the MFSA sets out in different delivery deadlines for the planned work in this regard until the applicability date of January 2025.
Compliance with DORA is undoubtedly no easy task and can be a “game changer”. The various entities to whom DORA applies have a tight two-year preparatory term which should be used to undertake a gap analysis of their ICT risk management framework, including reviews of the internal governance structure and ICT risk and incident management and reporting mechanisms already in place. Entities should also reassess and renegotiate where necessary their agreements with third party ICT service providers to make them compliant with DORA. Entities are also to be prepared for increased supervisory engagement in this area: when the DORA enters into force considering that the Regulation provides supervisors with wider far-ranging mandates and powers. The real consideration for financial institutions is ultimately how they approach it – a compliance or “tick the box” exercise or a potential strategic opportunity.
[1] Which amends Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011
[2] Which amends Directives 2009/65/EC, 2009/138/EC, 2011/61/EU, 2013/36/EU, 2014/59/EU, 2014/65/EU, (EU) 2015/2366 and (EU) 2016/2341 as regards digital operational resilience for the financial sector
[3] To-date it does not appear that any existing laws or regulations or guidelines will be repealed, instead these would exist alongside DORA
[4] https://www.mfsa.mt/publications/circulars/supervisory-ict-risk-and-cybersecurity-circulars/
by Ganado Advocates
6th May 2024
by Ganado Advocates
23rd April 2024
by Ganado Advocates
5th April 2024
by CSB Group
5th April 2024
by Bank of Valletta
21st March 2024
by Bank of Valletta
18th March 2024
by Ganado Advocates
4th March 2024
by Ganado Advocates
23rd February 2024
by HSBC Bank Malta p.l.c.
19th February 2024
by Bank of Valletta
29th January 2024
by Bank of Valletta
17th January 2024
by CSB Group
12th January 2024
by Ganado Advocates
3rd January 2024
by Ganado Advocates
3rd January 2024
by Ganado Advocates
3rd January 2024
by Bank of Valletta
28th November 2023
by Bank of Valletta
23rd November 2023
by Bank of Valletta
3rd November 2023
by Ganado Advocates
1st November 2023
by Ganado Advocates
1st November 2023
by Ganado Advocates
1st November 2023
by Griffiths + Associates Ltd
31st October 2023
by Ganado Advocates
16th October 2023
by Bank of Valletta
29th September 2023
by Bank of Valletta
31st August 2023
by Bank of Valletta
28th August 2023
by Ganado Advocates
16th August 2023
by Ganado Advocates
16th August 2023
by Ganado Advocates
11th August 2023
by APS Bank plc
31st July 2023
by Ganado Advocates
28th June 2023
by Ganado Advocates
28th June 2023
by Ganado Advocates
28th June 2023
by Ganado Advocates
26th May 2023
by Bank of Valletta
7th May 2023
by Infocredit Group Limited
3rd May 2023
by Bank of Valletta
14th April 2023
by Ganado Advocates
10th April 2023
by CSB Group
14th March 2023
by Ganado Advocates
24th February 2023
by CSB Group
21st February 2023
by Griffiths + Associates Ltd
20th February 2023
by FinanceMalta
14th February 2023
by Bank of Valletta
31st January 2023
by CSB Group
19th January 2023
by Ganado Advocates
13th January 2023
by Bank of Valletta
27th December 2022
by Bank of Valletta
21st November 2022
by BNF Bank plc
18th November 2022
by Bank of Valletta
3rd November 2022
by FinanceMalta
28th October 2022
by BNF Bank plc
6th October 2022
by Bank of Valletta
16th September 2022
by Bank of Valletta
2nd September 2022
by CSB Group
31st August 2022
by Bank of Valletta
11th August 2022
by BNF Bank plc
10th August 2022
by Griffiths + Associates Ltd
29th July 2022
by Griffiths + Associates Ltd
25th July 2022
by BNF Bank plc
14th July 2022
by Bank of Valletta
3rd June 2022
by Infocredit Group Limited
19th May 2022
by The Malta Institute of Accountants
13th May 2022
by Griffiths + Associates Ltd
9th May 2022
by Griffiths + Associates Ltd
3rd May 2022
by Infocredit Group Limited
28th April 2022
by Infocredit Group Limited
8th April 2022
by Infocredit Group Limited
8th April 2022
by Ganado Advocates
24th February 2022
by Bank of Valletta
16th February 2022
by BNF Bank plc
12th January 2022
by BNF Bank plc
3rd December 2021
by Western Union Business Solutions
1st November 2021
by FinanceMalta
8th July 2021
by FinanceMalta
8th July 2021
by FinanceMalta
8th July 2021
by Bank of Valletta
28th June 2021
by FinanceMalta
18th June 2021
by Bank of Valletta
1st June 2021
by Bank of Valletta
26th May 2021
by Bank of Valletta
25th May 2021
by Bank of Valletta
18th May 2021
by Bank of Valletta
17th May 2021
by Bank of Valletta
7th May 2021
by FinanceMalta
29th April 2021
by Bank of Valletta
13th April 2021
by Bank of Valletta
18th February 2021
by Western Union Business Solutions
5th February 2021
by FinanceMalta
14th January 2021
by Bank of Valletta
4th January 2021
by Bank of Valletta
21st December 2020
by Bank of Valletta
18th December 2020
by Bank of Valletta
18th December 2020
by Bank of Valletta
30th November 2020
by Bank of Valletta
29th September 2020
by Infocredit Group Limited
23rd September 2020
by Bank of Valletta
14th September 2020
by Bank of Valletta
14th September 2020
by Bank of Valletta
2nd September 2020
by Bank of Valletta
19th August 2020
by APS Bank plc
3rd August 2020
by Bank of Valletta
31st July 2020
by Bank of Valletta
31st July 2020
by Ganado Advocates
17th July 2020
by FinanceMalta
10th June 2020