The European Commission has published a Proposal for a Regulation on Digital Operational Resilience (DOR) for the financial sector. It chose the form of a Regulation so that the instrument is directly applicable in all Member States, unifying the ICT risk management rules across the Union. The proposal is part of the Digital Finance package.
The DOR framework aims to:
– enhance and streamline the financial entities’ conduct of ICT risk management;
– establish thorough testing of ICT systems;
– increase supervisors’ awareness of cyber risks and ICT-related incidents faced by financial entities;
– introduce powers for financial supervisors to oversee risks stemming from financial entities’ dependency on ICT third-party service providers (TPPs);
– create a consistent incident reporting mechanism that will help reduce administrative burdens for financial entities and strengthen supervisory effectiveness.
All provisions addressing digital risk in finance would, for the first time, be brought together in a single legislative act. Moreover, the Regulation establishes an Oversight Framework that applies to all critical ICT TPPs.