The European Supervisory Authorities have published the list of designated critical ICT third-party providers (CTPPs) under the Digital Operational Resilience Act (DORA).
The ESAs include the European Banking Authority (EBA), the European Insurance and Occupational Pensions Authority (EIOPA), and the European Securities and Markets Authority (ESMA).
They said it “marks a crucial step” in the implementation of the DORA oversight framework. The designation process adhered strictly to the methodology mandated by DORA.
The ESAs used the Registers of Information maintained by financial entities as a data source, as these registers detail contractual arrangements for ICT services.
Once this was completed, they undertook a detailed criticality assessment in cooperation with the Competent Authorities (CAs) across the EU from the banking, insurance and pensions, and securities and markets sectors.
“This assessment was carried out in line with the multifaceted criteria set out in DORA, which required a complete evaluation of a provider’s systemic importance, its role in supporting critical or important functions for financial entities, and the level of substitutability of its services,” the ESAs stated.
Finally, ICT third-party providers assessed as critical were formally notified.
“The final designation decisions were adopted following a careful review of all relevant information, ensuring the integrity of the process,” the ESAs stated.
The designated CTPPs provide a range of ICT services, from core infrastructure to business and data services, to financial entities of all types and sizes across the EU, reflecting their pivotal role within the financial ecosystem.
The objective of the DORA Oversight Framework, mandated to the ESAs, is to promote the sound management of ICT risk by the critical providers.
“Through direct oversight engagement, the ESAs will assess whether CTPPs have appropriate risk management and governance frameworks in place to ensure the resilience of the services they deliver to financial entities. This serves to mitigate risks that could impact the operational resilience of the financial sector of the EU,” they said.
The list of the CTPPs designated by the ESAs can be viewed here.




