This session will first discuss the development of information and communications technology (ICT) risks in the financial sector and the main areas of improvement of ICT risk management. The panel will also assess whether the DORA legislative proposal is fit for purpose for tackling ICT risks and the risks arising from the management of ICT third-party service providers, and will consider the main priorities and potential issues raised by these proposals.
Points of discussion
- Are ICT risks developing in the financial sector and, if so, what are the main characteristics of these developments? Is the framework proposed by DORA for the mitigation of ICT risks appropriate? Do certain measures need adjusting or clarifying, and do some pose implementation issues? Do these proposals easily reconcile with existing EU and domestic rules concerning ICT risks and cyber-resilience?
- How significant are ICT third-party risks in the financial sector and how are they expected to develop in the coming years? Does DORA propose an adequate framework for the management of third-party ICT risks? Are the measures proposed for mitigating the risks from critical third-party providers appropriate? Do these proposals easily reconcile with the work underway at the international level?