In 2023, European Banks Will Need To Be Both Prepared And Regulated

The European Banking Authority (EBA) has published its work plan until 2023, laying out how the EU banking sector anticipates adapting to new regulations, pursuing its digitization agenda, and increasing collaboration in areas like payments and financial crime-fighting.

The document is organized around the six strategic pillars of the EBA’s 2023–2025 strategic goals, which include strengthening “operational resilience” and managing risks related to information and communications technology (ICT) and concerns related to digital finance.

The EBA plans to work on this pillar in 2023 by developing the regulatory framework that the Union's banking sector needs to adapt to two upcoming pieces of EU legislation: the Markets in Crypto Assets Act (MiCA) and the Digital Operational Resilience Act (DORA).

In 2023, MiCA and DORA are expected to become effective. Depending on how the legislative process plays out, businesses might be required to comply with the new rules by January 1, 2025, according to the EBA.

Aiding banks and fintech in preparation

The DORA law aims to standardize risk assessment and mitigation procedures throughout the EU and provide legislative parameters for how financial institutions handle digital risk. The regulation will specifically target the banking and financial services sectors, as well as digital firms that provide services to financial institutions.

To get ready for the new rule, the EBA will keep doing research and releasing articles on the subjects that are most important to operational resilience and cybersecurity in the financial services industry. According to the paper, this involves a “risk analysis and mapping of use cases of AI [artificial intelligence] in banking.”

The European Banking Authority (EBA) will meet with the relevant European Supervisory Authorities (ESAs) for a “high-level exercise on the landscape of ICT third-party providers in the EU financial sector” the following year. At this meeting, European regulators will talk about how to best apply the new DORA rules to software developers and other tech companies that are not typically under the ESAs’ regulatory purview.

The EBA used the occasion to express its support for the European Systemic Risk Board’s (ESRB) suggestions for a framework for pan-European systemic cyber incident coordination. Different institution types would report incidents like data breaches and cyberattacks according to a common methodology.

The EBA plans to develop this framework’s specifics and consider its implementation.