Quick links:

Defence against cyber attacks: stringent new EU rules

Open-access content Tuesday 6th December 2022 updated 10.06am, Wednesday 7th December 2022
web_system-hacked_credit_iStock-1144604245.png

Financial-service companies and the tech giants that supply them must show how quickly they can recover from a cyber attack under new operational resilience obligations passed by the EU.

The Council of Ministers has approved the Digital Operational Resilience Act (DORA), comprising a regulation and a directive, which aims to prevent and mitigate against cyber threats. Under the legislation, financial institutions must ensure they have robust mechanisms in place for reporting major technology security incidents, for business continuity and for disaster recovery.

DORA also introduces direct regulation of major technology firms to financial institutions under a framework that gives powers to European supervisory authorities to designate specific third-party service providers for regulation, and then oversee their compliance.

The move follows increasing fears among regulators about the speed and scale at which insurers and banks are shifting crucial functions and operations to cloud platforms managed by Amazon, Microsoft, Google and IBM.

“Financial firms already have plans for IT security but more was needed so they stay resilient through a severe disruption,” said Zbynek Stanjura, finance minister for the Czech Republic, which holds the EU presidency. “If a large-scale attack on the European financial sector is launched, we will be prepared for it.”

Observers commented that DORA’s impact will be felt beyond the EU. “Even though DORA will not apply directly in the UK, UK companies with business in Europe will be subject to its requirements,” said Pinsent Masons partner Yvonne Dunn, who specialises in technology contracts for financial services. “Even for UK businesses that will be outside the scope of DORA, the legislation offers an insight into how UK policy and regulation around operational resilience is likely to develop.”

Ms Dunn pointed to rules set last March by the Prudential Regulations Authority, the Financial Conduct Authority and Bank of England, which showed that UK regulators want firms to shift away from considering the resilience of individual systems and operational resources and towards “the continuity of the services that they provide to their external end users, customers or participants.”

Image credit | iStock

You may also be interested in...

web_Collage-of-green-energy_credit_iStock-1396455308.png

Climate disclosures falling short

Companies are disclosing incomplete information on how they are tackling climate change, leaving investors and stakeholders struggling to take meaningful decisions on their portfolios and spending, a study reveals.
Tuesday 6th December 2022
Open-access content
web_Tank-pouring-liquid-steel_credit_iStock-888549562.png

Watchdog unveils £49m scheme for British Steel pension scandal

The Financial Conduct Authority (FCA) has unveiled a £49m scheme to be paid for by financial firms that gave poor advice to former British Steel pension scheme members.
Tuesday 6th December 2022
Open-access content
resized_dwp-v4.png

Government under fire for lagging on fixing state pension errors

The Department for Works and Pensions (DWP) is years behind schedule in fixing hundreds of thousands of errors in state pension payments, according to recent statistics.
Wednesday 7th December 2022
Open-access content
web_Woman-giving-investment-advice_credit_Zivica-Kerkez_shutterstock_2105850872.jpg

FCA unveils moves for more accessible financial advice

Proposals to improve people’s access to financial advice and help them to invest with confidence have been unveiled by the Financial Conduct Authority (FCA).
Wednesday 7th December 2022
Open-access content
z

The right move: Matt Saker on why members should vote ‘Yes’ to Chartered Actuary

Matt Saker outlines why he believes IFoA members should vote ‘Yes’ to Chartered Actuary
Wednesday 30th November 2022
Open-access content
web_Ships-in-harbour-with-orange-sunrise_credit_iStock-1335489644.png

Research highlights major causes of marine insurance claims

Fire, damaged cargo, and collision and sinking are the top causes of global marine insurance losses by value, according to recent analysis.
Wednesday 30th November 2022
Open-access content
Also filed in
News