ESAs Consultation on DORA Policy Products
Following the entry into force of DORA at the beginning of the year and in line with the policy mandates contained in the Regulation, the ESAs issued a public consultation on the first batch of related policy products. Credit institutions are encouraged to participate and to provide their feedback to the consultation which will run until 11 September 2023 and covers the following areas:
- RTS on ICT risk management framework and RTS on simplified ICT risk management framework. These are two related RTSs which are being proposed to be issued under one joint RTS. The standards provide key requirements on important areas and compliments the existent ICT risk management framework present in DORA. A simplified framework will apply only to a limited number of categories for smaller/less interconnected financial entities.
- RTS on the criteria for the classification of ICT-related incidents setting out a number of harmonised requirements.
- Implementing Technical Standards (ITS) establishing the templates for the register of information, where entities maintain all contractual arrangements on the provision of ICT services by third party providers.
- RTS specifying the policy on ICT services performed by ICT third-party providers detailing the different phases undertaken by entities during the life cycle of their arrangements management.
EBA Report on LCR and NSFR
On 15 June 2023, the EBA published its third report on the monitoring of the liquidity coverage ratio (LCR) and net stable funding ratio (NSFR) implementation in the EU. Notwithstanding the different dynamics of EU economies and the various funding channels within the bloc, some good management practices remain essential for the maintenance of a healthy and viable credit institution.
This report emphasizes the importance of having proper funding plans. These plans need to be reviewed and monitored on an ongoing basis, with institutions duly considering the various market factors and how these could affect such plans. Local institutions are reminded to devote the appropriate effort on this area which is deemed crucial for their day-to-day business operations.
Commission Proposals on Payment Services and Financial Data Access
At the end of June the European Commission published a number of proposals which continue to push the digital agenda at the forefront. These proposals include amendments to the current Payment Services Directive (PSD3), the creation of a new Payments Services Regulation (PSR), and new Regulation on a framework for financial data access. These proposals have the following objectives:
- To combat and mitigate payment fraud;
- Improving consumer rights;
- Creating an enhanced level playing field between banks and non-banks;
- Improving the functioning of open banking;
- Improving the availability of cash in shops and via ATMs; and
- Strengthening harmonisation and enforcement.
The legislative proposal relating to financial data access aims to address the lack of customer control over the access and sharing of data beyond payment accounts. Leveraging on data driven business models and with better safeguards in place for sharing financial data, financial products and services could potentially be tailored to the specific customer’s needs.
These proposals are expected to impact credit institutions and certainly require an in-depth review, which, amongst others, needs to consider the required processes and systems enhancements.
Commission Proposal on Instant Payments
Following the proposal on instant payments issued by the European Commission last year, the Council issued a press release on 22 May declaring that it had agreed its position on such proposal. This allows for negotiations to commence and to move closer to a finalised version of this Regulation.
Credit institutions are reminded to devote the appropriate resources for this area and to plan beforehand for the required infrastructural enhancements.
