With DORA in effect and the European Banking Authority’s updated guidelines for non-ICT services under consultation, financial entities must consider their approach to third-party risk management.
After DORA became effective...more
The UK government has set ambitious goals in the realm of artificial intelligence (AI) and data infrastructure since the 2024 general election, with further significant announcements and commitments to follow. Businesses...more
The CRA will affect a broad range of digital products placed on the EU market (including by those based outside the EU), including connected hardware/devices, software and remote data processing solutions. The EU has adopted...more
4/16/2025
/ Cybersecurity ,
Data Processors ,
Digital Operational Resilience Act (DORA) ,
Distributors ,
EU ,
General Data Protection Regulation (GDPR) ,
Hardware ,
Importers ,
Manufacturers ,
New Legislation ,
Popular ,
Regulatory Requirements ,
Risk Assessment ,
Software ,
Supply Chain
The EU Digital Operational Resilience Act introduces a regulatory oversight framework for information and communications technology service providers that are considered “critical” for financial entities within the...more
The NIS 2 Directive requires a wide range of in-scope organizations to adopt robust cybersecurity measures and incident response plans....more
11/5/2024
/ Compliance ,
Cyber Threats ,
Cybersecurity ,
Employee Training ,
Enforcement ,
EU ,
European Commission ,
Fines ,
General Data Protection Regulation (GDPR) ,
Incident Response Plans ,
Penalties ,
Reporting Requirements ,
Supply Chain
With the DORA compliance deadline on the horizon at the start of 2025, EU financial entities should be engaging in both internal and external preparations to meet their new regulatory obligations.
The EU Digital...more
There will be additional compliance obligations and mandatory contractual provisions introduced for financial entities and outsourced IT service providers.
The new DORA seeks to strengthen the resilience of financial...more
7/21/2023
/ Cybersecurity ,
Cybersecurity Framework ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
Financial Institutions ,
Financial Services Industry ,
General Data Protection Regulation (GDPR) ,
Information and Communication Technology (ICT) ,
Information Technology ,
Internet Service Providers (ISPs) ,
New Legislation ,
New Regulations ,
Third-Party Service Provider
From September 30, 2019, new guidelines on outsourcing arrangements (Guidelines) issued by the European Banking Authority (EBA) will apply to all outsourcing arrangements entered into, reviewed or amended on or after this...more
Payment service providers operating in the EU must take note of new risk management requirements from the European Banking Authority.
The European Banking Authority’s operational and risk management guidelines apply to all...more
1/29/2018
/ Banking Sector ,
Capital Markets ,
Cloud Computing ,
Cybersecurity ,
EU ,
European Banking Authority (EBA) ,
Financial Conduct Authority (FCA) ,
Financial Institutions ,
Payment Systems ,
Policies and Procedures ,
Risk Management
Financial institutions should take note of, and make every effort to comply with, the European Banking Authority’s new cloud computing guidance which will be effective from 1 July 2018.
In order to clarify EU-wide...more
1/24/2018
/ Banking Sector ,
Capital Requirements Regulation (CRR) ,
Cloud Computing ,
Cloud Service Providers (CSPs) ,
Creditors ,
Data Processors ,
Data Protection ,
EU ,
Financial Institutions ,
MiFID II ,
Outsourcing ,
Popular