Given the ever-increasing risks of cyber-attacks, the European Union (the ‘EU’) has been strengthening the information and communication technology (the ‘ICT’) security of financial entities, such as banks, insurance companies and investment firms. The Malta Financial Services Authority (the ‘MFSA’) has published an updated circular in relation to the Digital Operational Resilience Act (the ‘DORA’), which was enacted to ensure that the financial sector in Europe is able to stay digitally resilient.

Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (Text with EEA relevance) was recently published in the Official Journal of the EU and shall come into effect on the 16th of January 2023, to become fully applicable by the 17th of January 2025 following a two-year implementation period. As provided in Recital (12), this Regulation “aims to consolidate and upgrade ICT risk requirements as part of the operational risk requirements that have, up to this point, been addressed separately in various Union legal acts. While those acts covered the main categories of financial risk (e.g. credit risk, market risk, counterparty credit risk and liquidity risk, market conduct risk), they did not comprehensively tackle, at the time of their adoption, all components of operational resilience.”

Essentially, DORA introduces provisions for financial entities, subject to different layers of proportionality, in the areas of ICT risk management; ICT-related incident management, classification and reporting; digital operational resilience testing; management of ICT third-party risk (including an Oversight Framework of critical ICT third-party providers); and voluntary information-sharing arrangements, with the aim of assisting firms in ensuring that they can withstand, respond to and recover from all types of ICT-related disruptions and threats. The requirements imposed by DORA are homogeneous across all EU member states, with the ultimate aim of preventing and mitigating cyber threats, and are essentially applicable to critical third parties which provide ICT-related services to financial entities.1

This Regulation shall also be supplemented by a series of Regulatory/Implementing Technical Standards, Guidelines, Reports, Recommendations and Calls for Advice, all having different delivery deadlines as detailed in Annex 1.

About the Author

This update has been authored by Dr Luana Agius, Junior Regulated Industries Advisor. For additional information kindly contact us on info@csbgroup.com.

1 ‘Digital Operational Resilience Act (DORA)’ <www.digital-operational-resilience-act.com/> accessed 4 January 2023.
