The Joint Committee of the European Supervisory Authorities (ESAs) has published two pieces of joint advice in response to requests made by the European Commission in its March 2018 FinTech Action Plan
Joint Advice on the need for legislation improvements relating to Information and Communication Technology risk management requirements in the EU financial sector:
- Section 1.1 sets out analysis of the existing legislative requirements regarding information and communication technology (ICT) governance and security in the different sectors within the ESAs’ remit
- Following this, detailed proposals based on this analysis are in sections 2.1 and 2.2. It is worth nothing that in carrying out their analysis of existing ICT governance and security measures, the ESAs identified two related areas that may benefit from further action at EU level – ICT incident reporting and an appropriate oversight framework for monitoring critical service providers to the extent that their activities may impact relevant entities
Joint Advice on the costs and benefits of a coherent cyber resilience testing framework for significant markets participants and infrastructure within the EU financial sector:
- In the short term the ESAs advise to focus on achieving a minimum level of cyber-resilience across the sectors, proportionate to the needs and characteristics of the relevant entities. Furthermore, the ESAs propose to establish on a voluntary basis an EU wide coherent testing framework together with other relevant authorities taking into account existing initiatives, and with a focus on threat lead penetration testing
- In the long term, the ESAs aim to ensure a sufficient cyber maturity level of identified cross-sector entities.
The ESAs note that more work is needed by the ESAs together with other securities and experts to address specific practical and policy implementations questions.
To read more, please follow this link:
Contact us here
Please Note: This publication is not intended to be a comprehensive review of all developments in the law and practice, or to cover all aspects of those referred to. Readers should take legal advice before applying the information contained in this publication to specific issues or transactions.
Latest posts by Melissa Lewis (see all)
- FCA confirms extension of the Temporary Permissions Regime deadline - 16th July 2019
- FCA dear CEO letter for principals and appointed representatives in the investment management sector - 9th July 2019
- European Commission Delegated Regulation on RTS and measures to mitigate money laundering and terrorist financing risk - 25th June 2019