On 31 May 2024, the three European Supervisory Authorities (ESAs), namely the European Securities and Markets Authority (ESMA), the European Banking Authority (EBA) and the European Insurance and Occupational Pensions Authority (EIOPA), published templates and tools for a voluntary dry run exercise to support the implementation of DORA. All materials can be found on the webpage of the dry run exercise and Financial Entities (FEs) can use them to prepare and report their registers of information of contractual arrangements on the use of information and communications technology (ICT) third-party service providers (TPSPs) in the context of the dry run exercise, and to understand supervisory expectations for the reporting of said registers from 2025. The published materials include: templates for the registers of information with an example (in Excel format), a draft technical package for reporting, including a data point model (DPM), an annotated table layout and validation rules; an optional tool (VBA macro) to assist with the conversion of Excel templates into .csv files and .zip files; a frequently asked questions (FAQ) document regarding the exercise; a draft taxonomy. The participating FEs are expected to submit their registers of information to the ESAs via their CAs between 1 July and 30 August 2024. A dedicated virtual workshop will be organised on 10 June 2024 from 10h to 12h, and FEs are invited to register by 5 June 2024 via the following link.
Related Posts
ESAs publication of the Joint Final Report on the draft Regulatory Technical Standards (RTS) to specify the elements that a financial entity needs to determine and assess when subcontracting information and communication technology (ICT) services supporting critical or important functions as mandated under Regulation 2022/2554/EU (DORA), 26 July 2024
EBA publication of the Final Report on the Final Draft ITS amending Commission Implementing Regulation 2021/451/EU on supervisory reporting mentioned in Art. 430(7) of Regulation 575/2013/EU (CRR) concerning output floor, credit risk, market risk, operational risk, crypto assets and leverage ratio, 9 July 2024
Publication of the European Commission Delegated Regulation 2024/1774/EU supplementing Regulation 2022/2554/EU (DORA) with regard to RTS specifying ICT risk management tools, methods, processes and policies and the simplified ICT risk management framework in the Official Journal of the European Union, 25 June 2024
Publication of the European Commission Delegated Regulation 2024/1773/EU supplementing Regulation 2022/2554/EU (DORA) with regard to RTS specifying the detailed content of the policy regarding contractual arrangements on the use of ICT services supporting critical or important functions provided by ICT third-party service providers in the Official Journal of the European Union, 25 June 2024
Publication of the European Commission Delegated Regulation 2024/1772/EU supplementing Regulation 2022/2554/EU (DORA) with regard to RTS specifying the criteria for the classification of ICT-related incidents and cyber threats, setting out materiality thresholds and specifying the details of reports of major incidents in the Official Journal of the European Union, 25 June 2024