DORA should not increase operational and financial burden for ESBG members and their clients

BRUSSELS, 9 April 2021 – Banks have been among the first companies to install computers and create large data centres. This has contributed to the efficiency of their role of financing the economic activity and intermediating between savers and borrowers.

As IT architecture has become essential for economic activity, the risk of disruption of this architecture and its consequences for the banks and their clients are of paramount importance. Consider for example the damage done by data breaches, ransomware or service outage of cloud service providers.

The European Savings and Retail Banking Group (ESBG) is aligned with the goal pursued by the Digital Operational Resilience Act (DORA) to create a comprehensive framework for the digital operational resilience of the financial sector in the EU. We welcome the initiative to bring together ICT risks in finance in this legislative proposal that advocates for a level playing field approach. Since the implementation of this framework implies a lot of policy work for the European Supervisory Authorities, we suggest however that the entry into force would be 30 months after the publication of the act.

As for the content of the act, ESBG thinks rules should be adjustable to the different business models in our membership. Smaller financial institutions should be excluded from the framework. We believe that the direct supervision of critical ICT service providers by the ESAs should cover only large, internationally active service providers. Predominantly nationally active critical ICT service providers should be supervised at the national level to avoid incompatibilities with national security laws. We advocate for the creation of a reporting hub at the national level and that the reporting at the EU level is done by the National Competent Authorities. We do not oppose to the creation of an EU hub receiving all reporting but if it is finally set up, it must replace all pre-existing reporting and risks should be properly assessed to ensure the highest levels of cybersecurity.

Finally, the cost of supervising the ICT-providers should not be on the banks or even less on the bank customers’ shoulders. Just as banks rightfully support the cost of financial supervision, ICT providers should bear the cost of their supervision.

ESBG provides overall assessment on clients’ sustainability preferences under the current framework by replying to the ESMA’s Call for Evidence

Post

ESBG responds to Commission’s call for feedback on its legislative package on CMDI

Post

ESBG has recently submitted its response to the EBA consultation on its draft Guidelines on resubmission of historical data

Post

ESBG’s response to the Commission call for feedback on its proposal for the regulation on the transparency and integrity of ESG rating activities

Post

Cookie	Duration	Description
_SS	session	Bing sets this cookie to collect information on how visitors behave on multiple websites and to understand how they access the website, to provide relevant ads.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
SRCHD	1 year 24 days	Bing sets this cookie to display map content using Bing Maps.
SRCHUID	1 year 24 days	Bing sets this cookie to display map content using Bing Maps.
SRCHUSR	1 year 24 days	Bing sets this cookie to display map content using Bing Maps.
uncode_privacy[consent_types]	1 year	This cookie is set by Uncode WordPress theme and is used to manage privacy settings on the website.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_EDGE_S	session	Bing sets this cookie to display map content using Bing Maps.
_EDGE_V	1 year 24 days	Bing sets this cookie to display map content using Bing Maps.

Cookie	Duration	Description
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_gtag_UA_*	1 minute	Google Analytics sets this cookie to store a unique user ID.
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
attribution_user_id	1 year	This cookie is set by Typeform for usage statistics and is used in context with the website's pop-up questionnaires and messengering.
MUIDB	1 year 24 days	Bing sets this cookie to determine how the user uses the website and any advertising that the end user may have seen before visiting the said website.

Cookie	Duration	Description
MUID	1 year 24 days	Bing sets this cookie to recognise unique web browsers visiting Microsoft sites. This cookie is used for advertising, site analytics, and other operations.
rl_anonymous_id	never	RudderStack set this cookie to store statistical data of users' behaviour on the website, which can be used for internal analytics by the website operator.
rl_group_id	never	RudderStack sets this cookie to collect user activity on the web.
rl_group_trait	never	Rudderstack sets this cookie, which is used to store performed actions on the website.
rl_page_init_referrer	never	Rudderstack sets this cookie, which is used to store performed actions on the website.
rl_page_init_referring_domain	never	Rudderstack sets this cookie, which is used to store performed actions on the website.
rl_trait	never	Rudderstack sets this cookie, which is used to store performed actions on the website.
rl_user_id	never	RudderStack set this cookie to store a unique user ID for the Marketing/Tracking purpose.
SUID	12 hours	Google Analytics sets this cookie to collect data on user preferences and/or interaction with web campaign content (Microsoft).

Cookie	Duration	Description
AWSALBTG	7 days	No description available.
AWSALBTGCORS	7 days	No description available.
SRCHHPGUSR	1 year 24 days	No description available.
tf_respondent_cc	6 months	Description is currently not available.

The World Savings and Retail Banking Institute

The European Savings and Retail Banking Group

Focus areas

Sustainable Finance

Consumer Finance

Anti Money Laundering

Prudential, Supervision and Resolution

Capital Markets Regulation

European Social Dialogue

Auditing, Accounting and Reporting

Digital Finance and Innovation

Payments

News

Publications & Resources

Financial News & Views September 2023

News | Sustainable Finance | Prudential, Supervision and Resolution

​DORA should not increase operational and financial burden for ESBG members and their clients

BRUSSELS, 9 April 2021​​ – Banks have been among the first companies to install computers and create large data centres. This has contributed to the efficiency of their role of financing the economic activity and intermediating between savers and borrowers.

related

Get in touch

WSBI

ESBG

Together

Members Area

M-Chama

Financial literacy education

Empowering rural women

Low-cost mobile accounts

Financial inclusion

COFINA Senegal signs MoU with WSBI

EasyClub

My Pikin & I

Mobile and agency banking in agricultural value chains

Mobile and agency banking in agricultural value chains

DORA should not increase operational and financial burden for ESBG members and their clients

BRUSSELS, 9 April 2021 – Banks have been among the first companies to install computers and create large data centres. This has contributed to the efficiency of their role of financing the economic activity and intermediating between savers and borrowers.