On 8 September 2021, the ESAs Joint Committee published its second joint risk assessment report for 2021.
The report explains that financial institutions and supervisors should continue to carefully manage their ICT and cyber risks and should ensure that appropriate technologies and adequate control frameworks are in place to address threats to information security and business continuity, including risks stemming from increasingly sophisticated cyber-attacks. It will be vital for EU financial institutions to achieve a high common level of digital operational resilience, and to swiftly put in place an EU-wide common framework for digital operational resilience. The legislative proposal on digital operational resilience (DORA), which builds on the ESAs Joint Advices in the area of ICT, aims to put in place a comprehensive framework on digital operational resilience for EU financial entities, and to consolidate and upgrade ICT risk requirements spread over various financial services legislation like Directive 2013/36/EU (CRD), Directive 2015/2366/EU (PSD2) and Directive 2014/65/EU (MiFID II).
