Fintech Focus Podcast | Navigating IT and Security Risks in Fintechs in Light of Impending DORA Deadline
The European Banking Authority (EBA) recently published a consultation paper (Consultation) that proposes to expand third-party risk management requirements for certain EU-regulated financial entities. The Consultation would...more
The European Supervisory Authorities (ESAs) recently published a comprehensive guide (Guide) on the oversight of critical information and communications technology (ICT) third-party service providers (CTPPs) under the EU...more
The UK Financial Conduct Authority (FCA) has published a new webpage summarising the findings of its multi-firm review into how benchmark administrators (BMA) manage data-related risks. While the FCA found some firms to...more
The European Central Bank (ECB) has published its final guide on outsourcing cloud services, following from a July 2024 consultation. Feedback on the consultation is set out in an accompanying feedback statement. The guide...more
The European Supervisory Authorities (European Banking Authority, European Insurance Occupational Pensions Authority, and European Securities and Markets Authority) have published a joint guide detailing their oversight...more
DORA (Digital Operational Resilience Act) is an EU regulation that sets rules for how financial entities manage ICT (Information and Communication Technology) risks. It covers areas like cyber resilience, incident reporting,...more
A corrigendum to Commission Delegated Regulation (EU) 2024/1774, which supplements the Regulation on digital operational resilience for the financial sector (DORA), was published in the Official Journal of the European Union...more
The Financial Stability Board (FSB) has published its finalised Format for Incident Reporting Exchange (FIRE), together with a press release and updated webpage. FIRE provides a standardised format for financial institutions...more
Commission Delegated Regulation 2025/420 has been published in the Official Journal of the EU. This Delegated Regulation supplements Regulation 2022/2554 on digital operational resilience for the financial sector (DORA)...more
The EU Digital Operational Resilience Act (DORA) took effect on 17 January 2025 after a two-year implementation period. DORA sets out new requirements for financial entities (FEs) and their information technology and...more
The European Securities and Markets Authority (ESMA) has published official translations of its guidelines on situations in which a third-country firm is deemed to solicit clients established or situated in the EU and...more
The European Supervisory Authorities (ESAs) have published a roadmap for the designation of critical ICT third-party service providers (CTPPs) under the EU Digital Operational Resilience Act (DORA). The roadmap of key dates...more
On 18 December 2024, the German Parliament (Bundestag) passed the Act on the Digitalization of Financial Markets (Finanzmarktdigitalisierungsgesetz, the "Act"). The Act is intended to complement key measures of the European...more