Fintech Focus Podcast | Navigating IT and Security Risks in Fintechs in Light of Impending DORA Deadline
Our monthly regulatory newsletter monitors all relevant developments regarding German and European regulatory law in English language. BMF: Draft bill for the Banking Directive Implementation and Bureaucracy Relief Act...more
The European Banking Authority (EBA) recently published a consultation paper (Consultation) that proposes to expand third-party risk management requirements for certain EU-regulated financial entities. The Consultation would...more
The European Banking Authority (EBA) published single rulebook Q&A relating to the Digital Operational Resilience Act (DORA). The answers to the questions were given by the joint European Supervisory Authorities....more
The European Banking Authority (EBA) launched a consultation on proposed revisions to its guidelines on internal governance under the Capital Requirements Directive (CRD). The revisions form part of the EBA's broader roadmap...more
The European Supervisory Authorities (ESAs) recently published a comprehensive guide (Guide) on the oversight of critical information and communications technology (ICT) third-party service providers (CTPPs) under the EU...more
Key takeaways The EU NIS2 Directive defines cybersecurity obligations also for entities providing IT services only within their own corporate group of companies. To assess the applicability of these obligations, the necessary...more
The UK Financial Conduct Authority (FCA) has published a new webpage summarising the findings of its multi-firm review into how benchmark administrators (BMA) manage data-related risks. While the FCA found some firms to...more
As cybersecurity rises to the top of the corporate agenda, businesses face growing pressure to comply with the EU’s evolving regulatory landscape. Whether your company falls directly under EU cybersecurity laws or is...more
The European Central Bank (ECB) has published its final guide on outsourcing cloud services, following from a July 2024 consultation. Feedback on the consultation is set out in an accompanying feedback statement. The guide...more
To help organizations stay on top of the main developments in European digital compliance, Morrison Foerster’s European Digital Regulatory Compliance team reports on some of the main topical digital regulatory and compliance...more
The EU has introduced Delegated Regulation (EU) 2025/1190, establishing the first harmonized standards for threat-led penetration testing ("TLPT") across the financial sector. The regulation aims to strengthen the cyber...more
With DORA in effect and the European Banking Authority’s updated guidelines for non-ICT services under consultation, financial entities must consider their approach to third-party risk management. After DORA became effective...more
- What is new: The EU’s Delegated Regulation on Subcontracting has come into force, completing the legal framework of the Digital Operational Resilience Act (DORA). Attention will now turn to enforcement. - Why it matters:...more
The European Securities and Markets Authority (ESMA) has published its final report, updating the 2021 guidelines on outsourcing to cloud service providers in line with the Digital Operational Resilience Act (DORA). The 2021...more
The Bank of England's Financial Policy Committee (FPC) has published its July financial stability report alongside the record of its 27 June meeting. After assessing the risks to the UK financial system, the FPC reports that...more
The European Banking Authority (EBA) has published a consultation paper on its draft guidelines for managing third-party risk with regards to non-ICT related services. The guidelines will revise and update its prior 2019...more
Commission Delegated Regulation (EU) 2025/532 has been published in the Official Journal of the European Union. The Delegated Regulation supplements the Digital Operational Resilience Act (DORA) with regard to regulatory...more
The Digital Operational Resilience Act ("DORA") is the EU's latest legislative effort to enhance digital operational resilience across the financial sector through a harmonised set of rules for managing information and...more
The Delegated Regulation, which contains regulatory technical standards (RTS) on threat-led penetration testing (TLPT) requirements under the EU Digital Operational Resilience Act (DORA), was recently published in the...more
Commission Delegated Regulation (EU) 2025/1190 of 13 February has been published in the Official Journal of the European Union. The Delegated Regulation supplements the Digital Operational Resilience Act (DORA) with regard to...more
DORA (Digital Operational Resilience Act) is an EU regulation that sets rules for how financial entities manage ICT (Information and Communication Technology) risks. It covers areas like cyber resilience, incident reporting,...more
A corrigendum to Commission Delegated Regulation (EU) 2024/1774, which supplements the Regulation on digital operational resilience for the financial sector (DORA), was published in the Official Journal of the European Union...more
The European Parliament's Committee on Economic and Monetary Affairs (ECON) has released a draft report (dated 14 May) and motion for a European Parliament resolution on the impact of artificial intelligence (AI) on the...more
As regulatory frameworks tighten and cybersecurity threats grow in complexity, operational resilience is, now more than ever, a boardroom challenge for banks....more
The Financial Services Regulatory Initiatives Forum (the Forum) has published the Regulatory Initiatives Forum Grid (the Grid), with the UK Financial Conduct Authority (FCA) also updating its webpage. The previous Grid was...more