S&P Global Offerings
Featured Topics
Featured Products
Events
S&P Global Offerings
Featured Topics
Featured Products
Events
S&P Global Offerings
Featured Topics
Featured Products
Events
S&P Global Offerings
Featured Topics
Featured Products
Events
Corporations
Financial Institutions
Banking & Capital Markets
Economy & Finance
Energy Transition & Sustainability
Technology & Innovation
Podcasts & Newsletters
Corporations
Financial Institutions
Banking & Capital Markets
Economy & Finance
Energy Transition & Sustainability
Technology & Innovation
Podcasts & Newsletters
BLOG — Jun 26, 2023
(Update to October 2022 regulatory spotlight article)[1]
Background
Operational resilience in the financial sector continues to be a priority for Supervisory Authorities around the world, who are coordinating their efforts in this area.
The Digital Operational Resilience Act (DORA), is one of the most important upcoming legislative proposals that will shape third-party risk management (TPRM) requirements for the Financial Services industry in the European Union (E.U.). The game-changer is the expanded regulatory perimeter that captures Critical Third Parties. This includes non-financial organizations whose role is deemed critical to the functioning of financial markets.
DORA introduces new legislative powers, and as such, pertinent organizations will be accountable and required to demonstrate compliance by adhering to the policies and promoting resilience outcomes.
What is this spotlight about?
In this issue, we are featuring the joint Discussion Paper[2] by the three European Supervisory Authorities (EBA/ESMA/EIOPA), which specifies the criteria used to assess criticality and the fee structure for overseeing ICT third-party providers.
The feedback collected in this consultation will inform the technical advice that the ESAs will deliver to the European Commission.
Why does this development matter?
This development signals that Authorities are moving along the policy roadmap swiftly and seeking input into implementation considerations. This is an important milestone as it provides the criteria used to assess the criticality of ICT third-party service providers in the context of ICT risk and its potential impact on operational resilience. Considerations that need to be taken into account include:
Furthermore, the joint Discussion Paper proposes a structure, based on which oversight fees will be levied on organizations that fall within the scope of DORA as Critical Third-Party Providers (CTPPs). The Discussion Paper details the proposed method and basis for calculating the types of expenditures to be covered by oversight fees.
Key dates
The following are the next two important milestones on the roadmap.
[1] Regulatory Spotlight: DORA | S&P Global (spglobal.com)
[2] ESAs Discussion Paper CfA DORA criticality criteria and OVS fees_clean (europa.eu)
S&P Global provides industry-leading data, software and technology platforms and managed services to tackle some of the most difficult challenges in financial markets. We help our customers better understand complicated markets, reduce risk, operate more efficiently and comply with financial regulation.
This article was published by S&P Global Market Intelligence and not by S&P Global Ratings, which is a separately managed division of S&P Global.
Location