EBA Streamlines ICT Risk Management Requirements Under DORA: What You Need to Know

EBA Streamlines ICT Risk Management Requirements Under DORA: What You Need to Know

The European Banking Authority (EBA) has made significant updates to its Guidelines on ICT and security risk management, aligning them with the Digital Operational Resilience Act (DORA), which will come into effect on January 17, 2025. These revisions aim to streamline the ICT risk management framework while providing legal clarity to the financial sector.

Revisions to EBA Guidelines for ICT Risk Management

The EBA has narrowed the scope of its Guidelines, focusing specifically on the entities affected by DORA. This includes:

  • Credit institutions
  • Payment institutions
  • Account information service providers

By doing so, the EBA aims to eliminate potential overlaps with existing regulations and ensure consistent ICT risk management practices across the board.

Key Changes in the Guidelines

One of the most notable changes in the revised Guidelines is the limited scope concerning the types of entities covered. The new focus includes:

  • Credit institutions
  • Payment institutions
  • Exempted payment institutions
  • Exempted e-money institutions

This revision excludes other types of payment service providers (PSPs) that do not fall under DORA. PSPs operating under the Payment Services Directive (PSD2) will continue to adhere to operational and security risk management requirements established since the directive’s implementation in 2018.

Focus on Relationship Management

Another significant adjustment in the Guidelines pertains to relationship management for payment service users. The EBA has streamlined the requirements to concentrate solely on the provision of payment services, thereby avoiding duplication of existing regulatory requirements.

Background of the Guidelines

The original Guidelines were published in November 2019 and were based on the provisions of:

  • Article 74 of Directive 2013/36/EU (CRD)
  • Article 95(3) of Directive (EU) 2015/2366 (PSD2)
READ ALSO  Gala Technology Unveils SOTpay Connect: Revolutionizing Payment Processing for Seamless Transactions

These earlier guidelines outlined the ICT and security risk management requirements for various financial entities. The recent updates reflect the evolving regulatory landscape as the industry prepares for DORA’s implementation in January 2025.

For more information on EBA guidelines and the upcoming Digital Operational Resilience Act, visit the respective websites.

Stay informed about these critical changes in financial regulations to ensure compliance and effective risk management strategies in your organization.

Similar Posts

UK Dominates European InsurTech Landscape in 2024, Capturing One-Third of All Investment Deals

UK Dominates European InsurTech Landscape in 2024, Capturing One-Third of All Investment Deals

Bysupport

In 2024, the European InsurTech sector faced significant challenges, with total funding dropping to $1.7 billion, a 25% decrease from 2023 and a 62% decline since 2020. Deal volume also fell sharply to 75, marking a 54% year-over-year decline. The UK remained the leading InsurTech hub, completing 24 deals, followed by France with 16 and Germany with 10. Notably, hyperexponential, a leader in pricing decision intelligence software, secured $73 million in Series B funding and plans to expand into the U.S. market, aiming to double its workforce by 2025 to meet growing demand in the insurance sector.

Unlocking Social Innovation: Explore the Top Apps Revolutionizing Experiences on the AT Protocol Beyond Bluesky

Unlocking Social Innovation: Explore the Top Apps Revolutionizing Experiences on the AT Protocol Beyond Bluesky

Bysupport

Bluesky, a rapidly growing social network launched a year ago, has attracted over 33 million users and is built on the innovative AT Protocol. This platform aims to reshape the social web, emphasizing user control and data ownership. At the recent ATmosphere conference in Seattle, developers discussed the future of AT Protocol applications. Bluesky leads this movement, with various apps emerging, including Flashes for photo sharing, Streamplace for livestreaming, and Graze for customized feeds. These applications prioritize open technology and user autonomy, marking a significant shift from traditional social media dominated by tech giants.

Mastering Compliance: Navigating Regulatory Risks in Continuation Funds

Mastering Compliance: Navigating Regulatory Risks in Continuation Funds

Bysupport

High interest rates and market volatility are prompting asset managers to reconsider investment strategies, leading to increased use of GP-led secondary transactions and continuation funds. These transactions allow general partners to acquire assets from existing funds, helping retain control without immediate liquidation. The SEC is monitoring these activities due to concerns about conflicts of interest and regulatory compliance, highlighted by a recent enforcement action. To mitigate risks, asset managers should ensure compliance with conflict policies, document investment decisions, follow fair valuation practices, and obtain necessary investor consents. Technology solutions like those offered by ACA Signature can assist in navigating these challenges.

Adobe Unveils Revolutionary Photoshop App for iPhone: Transform Your Photos on the Go!

Adobe Unveils Revolutionary Photoshop App for iPhone: Transform Your Photos on the Go!

Bysupport

Adobe has launched Photoshop for mobile, starting with an iOS app, with an Android version expected later this year. The app features both free and premium options, offering tools like layering, masking, and AI capabilities, optimized for mobile use. A $7.99 monthly subscription unlocks advanced features, including a seamless transition to Photoshop on the web and access to over 20,000 fonts. The app caters to a younger audience, enabling creative tasks like digital art and mood board creation. Available now in the Apple App Store, this launch aims to enhance creativity for users on-the-go.

Revolutionizing Financial Crime Prevention: How Consilient Leverages Federated AI for Enhanced Security

Revolutionizing Financial Crime Prevention: How Consilient Leverages Federated AI for Enhanced Security

Bysupport

Founded in 2020, Washington, D.C.-based Consilient addresses the inefficiencies of traditional Anti-Money Laundering (AML) and Counter-Financing of Terrorism (CFT) systems. CEO Ajit Tharaken highlights challenges like high false positive rates, inability to adapt to evolving criminal tactics, and significant costs. Consilient utilizes AI-driven solutions, specifically Federated Machine Learning, to enhance detection by identifying 3-5 times more suspicious activities and reducing false positives by up to 80%, all while ensuring compliance with data privacy laws. As regulatory landscapes evolve, Tharaken emphasizes the need for collaboration among stakeholders to standardize AI models for improved financial crime prevention.

Unveiling the Hidden Carbon Costs: The Untold Impact of ESG Reporting

Unveiling the Hidden Carbon Costs: The Untold Impact of ESG Reporting

Bysupport

Sustainability reporting is essential for organizations to track carbon emissions, yet the digital infrastructure supporting these reports, such as cloud storage and ESG software, significantly contributes to electricity consumption, often sourced from fossil fuels. Research shows that managing ESG data can escalate Scope 3 emissions. Companies can reduce their digital carbon footprint by consolidating data, streamlining updates, choosing sustainable cloud providers, and minimizing digital communication. Including IT-related emissions in sustainability assessments is crucial, as transitioning to renewable energy-powered cloud services could potentially lower emissions by up to 40%. Optimizing these processes is vital for genuine corporate sustainability commitment.