The European Banking Authority (EBA) has published its work plan until 2023, laying out how the EU banking sector anticipates adapting to new regulations, pursuing its digitization agenda, and increasing collaboration in areas like payments and financial crime-fighting.
The document is organized around the six strategic pillars of the EBA’s 2023–2025 strategic goals, which include strengthening “operational resilience” and managing risks related to information and communications technology (ICT) and concerns related to digital finance.
By developing the necessary regulatory framework for the EU banking sector’s adaptation to two upcoming pieces of EU legislation, the Markets in Crypto Assets Act and the Digital Operational Resilience Act (DORA), the EBA plans to work on this pillar in 2023. (MiCA).
In 2023, MiCA and DORA are expected to become effective. Depending on how the legislative process plays out, businesses might be required to comply with the new rules by January 1, 2025, according to the EBA.
Assisting banks and fintech with planning
The DORA regulation establishes legal guidelines for how financial institutions should manage digital risk in order to standardize risk assessment and mitigation practices throughout the EU. The banking and financial services industries, as well as digital businesses that offer services to financial institutions, would be notably targeted by the rule.
In order to prepare for the new rule, the EBA will continue doing research and publishing papers on the topics that are most crucial to operational resilience and cybersecurity in the financial services sector. This entails “risk analysis and mapping of use cases of AI [artificial intelligence] in banking,” according to the study.
The following year, a “high-level exercise on the landscape of ICT third-party providers in the EU financial sector” would take place at a meeting of the European Banking Authority (EBA) and the appropriate European Supervisory Authorities (ESAs). European regulators will discuss how to best apply the new DORA regulations to software developers and other tech businesses at this conference as these businesses are often beyond the regulatory scope of the ESAs.
The EBA took use of the opportunity to voice its support for the recommendations made by the European Systemic Risk Board (ESRB) for a framework for pan-European systemic cyber incident coordination. According to a standard reporting process, various institution types would disclose events like data breaches and cyberattacks.
The EBA intends to develop the specifics of this framework and think about its application.
