Global Trustee and Fiduciary Services Bite-Sized Issue 4 2024

Global Trustee and Fiduciary Services Bite-Sized | Issue 4 | 2024 11 QUICK LINKS AIFMD BENCHMARK REGULATION CBDC COSTS & CHARGES CRYPTOASSETS CYBERSECURITY DIVERSITY & INCLUSION FINTECH IFD/IFR LIBOR TRANSITION MIFID II/MIFIR OPERATIONAL RESILIENCE PRIIPS RETAIL INVESTMENT STRATEGY SETTLEMENT SUSTAINABLE FINANCE/ESG UCITS ASIA LUXEMBOURG NORTH AMERICA UNITED KINGDOM HM Treasury’s Approach to Designating Critical Third Parties On 21 March 2024, His Majesty’s Treasury (HMT) published a paper outlining its approach to designating critical third-parties to the UK financial services sector. The paper outlines the end-to-end process: from receipt of a recommendation from the financial regulators; through engagement with the third-party supplier, the financial regulators, and other relevant organisations; to the consideration of evidence before a designation decision. The paper also describes how HM Treasury will communicate a decision to third-party suppliers and outlines the Designation Regulations process. The paper also describes the process of de-designating a critical third party. Link to the Paper here FSB Guidance on Arrangements to Support Operational Continuity in Resolution (Revised Version 2024) On 18 March 2024, the Financial Stability Board (FSB) published a supplementary note to its Guidance on Arrangements to Support Operational Continuity in Resolution, originally published on 18 August 2016. The FSB states that, as part of the digitalisation of the financial services sector, financial institutions have increased their dependencies on third-party service providers in supporting critical shared services in recent years. The FSB’s view is this can bring multiple benefits to financial institutions, including flexibility, innovation and improved operational resilience. However, if not properly managed, disruption to critical shared services could affect the continued provision of critical functions, posing risks to orderly resolution and, in some cases, financial stability. Following a review conducted during 2023 to assess the application of the Guidance in an evolved context where firms are increasingly relying on third-party service providers, the FSB has reissued the Guidance to include a supplementary note on the digitalisation of critical shared services as an addendum. The supplementary note does not create any new guidance or requirements. Rather, it specifies, for each section of the 2016 Guidance, how authorities and firms should think about the continuity of critical shared services in resolution when those services are digital. Link to Revised Guidance here European Commission Adopts RTS On 13 March 2024, the European Commission adopted three new regulatory technical standards (RTS) to supplement Digital Operational Resilience Act (DORA). The RTSs complement the EU regulatory frameworks on cybersecurity matters for the financial sector by specifying: 1. Rules to classify cyber incidents; 2. Rules to harmonise ICT risk management tools, methods, processes and security policies for the financial entities; and 3. Rules to establish the elements of risk that financial entities shall take into account when developing their policy on the use of ICT services supporting critical or important functions provided by ICT third-party service providers. The next stage is for the European Parliament and the Council of the EU to scrutinise and adopt the acts prior to publication in the Official Journal of the EU. Link to the RTS here Getting Ready for DORA: ICT Risk Management On 7 March 2024, the Dutch Authority for the Financial Markets (AFM) issued its third publication explaining the key aspects of the DORA. This edition focuses on ICT risk management. The AFM states that by paying careful attention to ICT risk management, organisations gain an understanding of their ICT risks and how to minimise the related effects. This will help in enhancing the digital resilience of companies.