This session will first discuss the extent of digital operational resilience and cyber risks in the financial sector and how they are evolving with ongoing changes in financial value chains (e.g. increasing digitalisation and outsourcing to tech providers) and external events (e.g. geopolitical risks).
The panel will then assess whether the agreed DORA and NIS2 texts will make it possible to tackle the cyber and digital operational resilience risks that financial institutions are facing, and identify potential issues that remain to be clarified or further specified in the drafting of the Level 2 requirements. Finally, the panel will discuss whether further measures are needed to enhance system-wide cyber-resilience and to ensure appropriate coordination of cyber-resilience efforts at the international level.
Points of discussion
- How are ICT and cyber-risks evolving in the financial sector? What are the implications of ongoing digital transformation and the resulting changes in financial value chains for operational and cyber-resilience?
- Will the DORA and NIS2 frameworks allow ICT risks to be tackled appropriately, with adequate proportionality and future-proofing? What are the key issues remaining to be clarified or specified in the drafting of Level 2 regulatory standards, and are there major implementation challenges? Can the oversight of critical ICT third-party providers (CTPPs) be adequately conducted with the current supervisory structure in Europe? How are ICT risks and digital operational resilience issues addressed at the international level? Does more need to be done to enhance cyber-resilience at sector level?