BRUSSELS, 9 April 2021 – Banks have been among the first companies to install computers and create large data centres. This has contributed to the efficiency of their role of financing the economic activity and intermediating between savers and borrowers.
As IT architecture has become essential for economic activity, the risk of disruption of this architecture and its consequences for the banks and their clients are of paramount importance. Consider for example the damage done by data breaches, ransomware or service outage of cloud service providers.
The European Savings and Retail Banking Group (ESBG) is aligned with the goal pursued by the Digital Operational Resilience Act (DORA) to create a comprehensive framework for the digital operational resilience of the financial sector in the EU. We welcome the initiative to bring together ICT risks in finance in this legislative proposal that advocates for a level playing field approach. Since the implementation of this framework implies a lot of policy work for the European Supervisory Authorities, we suggest however that the entry into force would be 30 months after the publication of the act.
As for the content of the act, ESBG thinks rules should be adjustable to the different business models in our membership. Smaller financial institutions should be excluded from the framework. We believe that the direct supervision of critical ICT service providers by the ESAs should cover only large, internationally active service providers. Predominantly nationally active critical ICT service providers should be supervised at the national level to avoid incompatibilities with national security laws. We advocate for the creation of a reporting hub at the national level and that the reporting at the EU level is done by the National Competent Authorities. We do not oppose to the creation of an EU hub receiving all reporting but if it is finally set up, it must replace all pre-existing reporting and risks should be properly assessed to ensure the highest levels of cybersecurity.
Finally, the cost of supervising the ICT-providers should not be on the banks or even less on the bank customers’ shoulders. Just as banks rightfully support the cost of financial supervision, ICT providers should bear the cost of their supervision.
related
ESBG advocates for increased clarity and streamlining of supervisory reporting requirements
On 14 March, ESBG submitted its response to the European Banking Authority (EBA) consultation on ITS amending Commission Implementation Regulation (EU) 2021/451 regarding supervisory reporting
WSBI-ESBG advocates for robust implementation of the BCBS Pillar 3 framework for climate-related financial risks
On 14 March, WSBI-ESBG submitted its response to the Basel Committee on Banking Supervision (BCBS) consultation on its Pillar 3 disclosure framework for climate-related financial risks
ESBG stresses the need for consistency and clarity in its Response to the SFDR Review Consultation
ESBG submitted its response to the European Commission’s consultation on the SFDR review, aiming to enhance transparency in sustainability-related disclosures within the financial services sector
ESBG responds to the SRB consultation on the future MREL policy
The European Savings and Retail Banking Group (ESBG) submitted its response to the consultation launched by the Single Resolution Board (SRB) in December 2023 on the future of the Minimum Requirement for own funds
ESBG’s response to the Commission’s consultation on the GDPR
The primary EU legislation ensuring the fundamental right to data protection is the General Data Protection Regulation
Joint statement calling for clear distinction between AI and credit scoring in AI Act
On 11 January 2024, a joint industry statement was issued by ESBG, together with the Association of Consumer Credit Information Suppliers (ACCIS)
ESBG stresses the need for consistency and clarity in its Response to the SFDR Review Consultation
On 14 December, ESBG submitted its feedback on the Sustainable Finance Disclosure
ESBG Advocates Clarity and Harmony in EU Taxonomy Implementation
ESBG remains committed to ensuring a clear and effective regulatory framework.
ESBG’s position paper on the potential inclusion of SMEs in the Taxonomy
In November 2023, ESBG published a position paper on the potential inclusion of
ESBG response to the EBA consultation on draft templates and template guidance for collecting climate related data from EU banks.
ESBG welcomes the opportunity to answer to the EBA’s consultation on the draft templates for collecting