The European Banking Authority (EBA) has released its work plan until 2023, outlining how the banking industry of the European Union expects to adapt to new rules, pursue its digitalization agenda, and create more collaboration in areas like payments and financial crime-fighting.
The paper is structured around the six strategic pillars of the EBA’s 2023–2025 strategic goals, which include managing risks associated with information and communications technology (ICT) and issues associated with digital finance while enhancing “operational resilience.”
The EBA intends to work on this pillar in 2023 by creating the required policy framework for the bloc’s banking industry to adapt to two impending pieces of EU legislation: the Markets in Crypto Assets Act (MiCA) and the Digital Operational Resilience Act (DORA).
MiCA and DORA are anticipated to go into effect in 2023. According to the EBA, firms would be expected to have conformed with the new legislation by January 1, 2025, depending on how the legislative process turns out.
Aiding banks and fintech in preparation
The DORA law aims to standardize risk assessment and mitigation procedures throughout the EU and provide legislative parameters for how financial institutions handle digital risk. The regulation will specifically target the banking and financial services sectors, as well as digital firms that provide services to financial institutions.
To prepare for the new rule, the EBA will continue to research and publish on the subjects most important to operational resilience and cybersecurity in the financial services industry. According to the paper, this involves a “risk analysis and mapping of use cases of AI [artificial intelligence] in banking.”
The European Banking Authority (EBA) will meet with the relevant European Supervisory Authorities (ESAs) for a “high-level exercise on the landscape of ICT third-party providers in the EU financial sector” the following year. At this meeting, European regulators will talk about how to best apply the new DORA rules to software developers and other tech companies that are not typically under the ESAs’ regulatory purview.
The EBA used the occasion to express its support for the European Systemic Risk Board’s (ESRB) suggestions for a framework for pan-European systemic cyber incident coordination. Different institution types would report incidents like data breaches and cyberattacks according to a common methodology.
The EBA plans to develop this framework’s specifics and consider its implementation.