Global Trustee and Fiduciary Services Bite-Sized Issue 8 2024

9 QUICK LINKS AIFMD CBDC CRYPTOASSETS CSDR FINTECH FSB FUND LIQUIDITY MAR MIFID II/MIFIR OPERATIONAL RESILIENCE REMUNERATION SUSTAINABLE FINANCE/ ESG UCITS ASIA PACIFIC EUROPE IRELAND NORTH AMERICA UNITED KINGDOM Global Trustee and Fiduciary Services Bite-Sized | Issue 8 | 2024 ESAs publish Second Batch of Policy Products Under DORA On 17 July 2024, the ESAs published the second batch of policy products under the Digital Operational Resilience Act (DORA). This batch consists of four final draft regulatory technical standards (RTS), one set of Implementing Technical Standards (ITS) and 2 guidelines, all of which aim at enhancing the digital operational resilience of the EU’s financial sector. The package focuses on the reporting framework for ICT-related incidents (reporting clarity, templates) and threat-led penetration testing while also introducing some requirements on the design of the oversight framework, which enhance the digital operational resilience of the EU financial sector, thus also ensuring continuous and uninterrupted provision of financial services to customers and safety of their data. The final draft technical standards include: • RTS and ITS on the content, format, templates and timelines for reporting major ICT-related incidents and significant cyber threats; • RTS on the harmonisation of conditions enabling the conduct of the oversight activities; • RTS specifying the criteria for determining the composition of the joint examination team (JET); and • RTS on threat-led penetration testing (TLPT). The set of guidelines include: • Guidelines on the estimation of aggregated costs/losses caused bymajor ICT-related incidents; and • Guidelines on oversight cooperation. The final draft technical standards have been submitted to the European Commission, which will now start working on their review with the objective to adopt these policy products in the coming months. Link to the ESMA DORA Resource page here ESAs Establish Framework to Strengthen Coordination in Case of Systemic Cyber Incidents On 17 July 2024, the ESAs announced that they will establish the EU systemic cyber incident coordination framework (EU-SCICF), in the context of the DORA, that will facilitate an effective financial sector response to a cyber incident that poses a risk to financial stability, by strengthening the coordination among financial authorities and other relevant bodies in the European Union, as well as with key actors at international level. The ESAs state that, over the coming months, they will kickstart the implementation of the framework by setting up: • The EU-SCICF Secretariat, supporting the functioning of the framework; • The EU-SCICF Forum, working on testing and maturing the functioning; • The EU-SCICF Crisis Coordination, facilitating during a crisis the coordination of actions by the participating authorities. The ESAs state they will identify legal and other operational hurdles encountered during the initial set up and report these to the European Commission. The further development of the framework will be subject to the availability of resources and other measures taken by the European Commission. Link to EU-SCICF Factsheet here