Global Trustee and Fiduciary Services Bite-Sized Issue 7 2024

2 QUICK LINKS CBDC CYBERSECURITY DIVERSITY DORA FINTECH IOSCO MICA OPERATIONAL RESILIENCE PRIIPS RETAIL INVESTMENT PACKAGE SUSTAINABLE FINANCE/ ESG T+1 TOKENISATION ASIA EUROPE LUXEMBOURG NORTH AMERICA UNITED KINGDOM Global Trustee and Fiduciary Services Bite-Sized | Issue 7 | 2024 CYBERSECURITY ESAs and ENISA Sign a MoU to Strengthen Cooperation and Information Exchange On 5 June 2024, the European Supervisory Authorities (EBA, EIOPA, and ESMA – the ESAs) announced that they had concluded a multilateral Memorandum of Understanding (MoU) to strengthen cooperation and information exchange with the European Union Agency for Cybersecurity (ENISA). The ESAs state that this multilateral MoU formalises the ongoing discussions between the ESAs and ENISA to strengthen their already close cooperation, as a result of the Directive on measures for a high common level of cybersecurity (commonly referred to as NIS2 Directive) and the Digital Operational Resilience Act. The ESAs say that the MoU sets out the framework for cooperation and exchange of information on tasks of mutual interest, including policy implementation, incident reporting, and oversight of critical Information Communication Technologies third-party providers. It should also promote regulatory convergence, facilitate cross-sectoral learning and capacity building on areas of mutual interest, and information exchange on emerging technologies. Link to MoU here DIVERSITY SEC Invites Regulated Entities to Submit Self-Assessments of Diversity Policies and Practices On 5 June 2024, the Securities and Exchange Commission (SEC) announced it had commenced its biennial collection of Diversity Self-Assessment Submissions from Regulated Entities. The SEC says that engaging in a self-assessment provides an opportunity for organisations to closely review their diversity and inclusion policies and practices for any strengths, opportunities, risks, and vulnerabilities. The SEC says that it uses the important data from the submissions to assess and report on progress and trends in regulated entity diversity-related activities. The SEC also states that conducting and submitting diversity self-assessments is voluntary and is not part of it’s examination process. As noted in invitation letters, SEC-regulated entities may use the Diversity Self-Assessment Tool DSAT) to conduct a self-assessment. Alternatively, regulated entities may submit diversity self-assessments in the format of their choice. The SEC’s Office of Minority and Women Inclusion has also published a set of Frequently Asked Questions to provide more information about voluntary self-assessments and the DSAT. Link to SEC Press Release here DORA AFMDORA Update: Management, Classification and Reporting of ICT-related Incidents On 27 June 2024, the Dutch Authority for the Financial Markets (AFM) published its fourth Digital Operational Resilience Act (DORA) update in which the substantive aspects of the DORA are explained. In this guide the AFM discusses ICT-related incidents. Management of ICT-related incidents To limit the effects of ICT-related incidents, the AFM says that it is important that they are adequately detected and handled. This requires a robust management process, consistent classification, and registration, and reporting to the regulator. This contributes to greater digital resilience of companies. The AFM states that its latest DORA update takes a closer look at the management of ICT incidents, the classification and registration of ICT incidents and the reporting of serious ICT incidents and significant cyber threats.