Newsletter


shutterstock_2006018000
7 February 2023Analysis

MFSA spotlights EU’s push for digital resilience


The Malta Financial Services Authority (MFSA) has published an updated circular in relation to the Digital Operational Resilience Act (DORA), which was enacted to ensure that the financial sector in Europe is able to stay digitally resilient.

According to the MFSA the update comes as the European Union (EU) has been strengthening the information and communication technology (ICT) security of financial entities, such as banks, insurance companies and investment firms, due increasing numbers of cyber attacks.

Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations was recently published on the Official Journal of the EU and came into effect on the 16th of January 2023.

It will become fully applicable by the 17th of January 2025 after a two-year implementation period.

This Regulation “aims to consolidate and upgrade ICT risk requirements as part of the operational risk requirements that have, up to this point, been addressed separately in various Union legal acts. While those acts covered the main categories of financial risk (e.g. credit risk, market risk, counterparty credit risk and liquidity risk, market conduct risk), they did not comprehensively tackle, at the time of their adoption, all components of operational resilience.”

According to the MFSA: "DORA introduces provisions, subject to different layers of proportionality, on financial entities in the areas of ICT risk management, ICT-related incident management, classification and reporting, digital operational resilience testing, managing of ICT third-party risk (including an oversight framework of critical ICT-third party providers) and voluntary information-sharing arrangements, with the aim of assisting firms in ensuring that they can withstand, respond to and recover from all types of ICT-related disruptions and threats. The requirements imposed by DORA are homogenous across all EU member states, with the ultimate aim of preventing and mitigating cyber threats, and are essentially applicable to critical third parties which provide ICT-related services to financial entities."



Editor's picks

Acquisitions jigsaw
news
DARAG Insurance Guernsey buys up Cayman captive
19 April 2024

Editor's picks

news
DARAG Insurance Guernsey buys up Cayman captive
19 April 2024   The purchase from an unnamed multinational corporate is the latest captive transaction for DARAG.
news
VCIA to host captive management webinar
10 April 2024
news
Giles to join ClearPoint Health
9 April 2024
news
RMC emerges victorious against IRS in micro captive case
8 April 2024
news
CCRIF unveils four Ivan+20 scholarships
4 April 2024
news
Ryskex opens office in Lloyd’s building
4 April 2024

Related content

Committed to the captives sector
Captives and investments portfolios: separating myth from reality
Revolutionising risk transfer: the emergence of 144A cat bonds in captive
20 years on: evolving in tandem
A strong sense of purpose
Captive change and evolution
Celebrating 20 years of growth
Cayman Islands: 20 years of insurance