Global Trustee and Fiduciary Services Bite-Sized Issue 4 2024

Global Trustee and Fiduciary Services Bite-Sized | Issue 4 | 2024 12 QUICK LINKS AIFMD BENCHMARK REGULATION CBDC COSTS & CHARGES CRYPTOASSETS CYBERSECURITY DIVERSITY & INCLUSION FINTECH IFD/IFR LIBOR TRANSITION MIFID II/MIFIR OPERATIONAL RESILIENCE PRIIPS RETAIL INVESTMENT STRATEGY SETTLEMENT SUSTAINABLE FINANCE/ESG UCITS ASIA LUXEMBOURG NORTH AMERICA UNITED KINGDOM This DORA Update deals in detail with, among other things, the ICT risk management framework, Business Continuity Management and employee learning and evolving in relation to ICT security and digital operational resilience. Link to the Update here NewDigital Infrastructure Act to Enhance Resilience & Security of Digital Infrastructure & Services On 1 March 2024, the Singapore Ministry of Communications and Information announced that the inter-agency Taskforce on the Resilience and Security of Digital Infrastructure and Services (Taskforce) is studying the introduction of a Digital Infrastructure Act (DIA) to enhance the resilience and security of key digital infrastructure and services. Currently, the cybersecurity and resilience of critical information infrastructure is governed by the Cybersecurity Act (CS Act). Recent disruptions have prompted the Government of Singapore to go beyond the CS Act to enhance the resilience and security of other digital infrastructure and services. As a result, the Taskforce has been reviewing the evolving risk landscape, studying measures deployed by other countries which are similarly facing these issues, and developing measures suited to Singapore’s context. The DIA is one such measure that the Taskforce is developing. The DIA is intended to complement the Government’s other regulatory levers, such as the CS Act which focuses on mitigating cyber-related risks. It will go beyond cybersecurity to address a broader set of resilience risks faced by digital infrastructure and service providers, ranging frommisconfigurations in technical architecture, to physical hazards such as fires, water leaks, and cooling system failures. In scoping the DIA, the Taskforce is studying the digital infrastructure ecosystem in Singapore to identify those which would have a systemic impact on Singapore’s economy and society if disrupted. Examples include data centres and cloud services, and support the delivery of many widely-used digital services (e.g., banking and payments, ride-hailing, and digital identities). The Taskforce is also formulating the requirements that the regulated entities would be subject to under the DIA. This will take into account Singapore’s operating context as well as international developments. For example, jurisdictions such as the European Union have introduced incident reporting requirements and baseline resilience and security standards which regulated entities must comply with. The incident reporting requirements would aim to deepen the Government’s situational awareness and understanding of systemic risk when disruptions occur. Collectively, these requirements could contribute to the prevention of disruptions and effective recovery should disruptions occur. The Taskforce will continue to consult stakeholders as it develops its proposals. The Taskforce is also exploring non-regulatory measures to complement Singapore’s laws. These could include providing guidance to digital infrastructure and service providers on best practices for resilience and security to ensure business continuity. Link to Full Statement here PRIIPS ESAs Publish Updated Consolidated Q&As on the PRIIPs KID On 15 March 2024, the Joint Committee of the European Supervisory Authorities (ESMA, EBA and EIOPA – the ESAs) published an updated version of its Consolidated questions and answers (Q&A) on the PRIIPs Key Information Document (KID). New Q&As were added to the following sections: I. General topics. Q12. Please clarify the term “PRIIPs open to subscription”?