Brussels, Belgium. European Supervisory Authorities and their counterparts in the United Kingdom have signed a memorandum of understanding to enhance oversight of critical ICT third-party service providers. The agreement is intended to strengthen cross-border cooperation under the Digital Operational Resilience Act.
Parties to the agreement
The memorandum involves the European Banking Authority (EBA), the European Insurance and Occupational Pensions Authority (EIOPA), and the European Securities and Markets Authority (ESMA), together with the Bank of England, the Prudential Regulation Authority, and the Financial Conduct Authority.
Scope and purpose under DORA
The agreement enhances cooperation between the authorities to oversee critical ICT third-party service providers as required by the Digital Operational Resilience Act. It sets out principles and procedures for cooperation, information sharing, and coordination of oversight activities between the relevant authorities responsible for European Union and United Kingdom oversight.
Operational resilience and third-party risk
The authorities said the agreement aims to enhance third-party risk management and contribute to the overall operational resilience of the financial sector in the European Union and the United Kingdom through cross-border cooperation.
Legal basis and confidentiality assessment
The legal basis cited for the document is DORA Articles 36, 44, and 49, covering oversight powers as well as international cooperation, financial cross-sector exercises, communication, and cooperation. The authorities said that, to exchange information with a third-country authority, confidentiality and professional secrecy regimes must be equivalent to those in the European Union, and that an assessment confirmed the United Kingdom regime’s equivalence before the agreement was signed.
What impact do you think this agreement could have on oversight of critical ICT third-party service providers across the European Union and the United Kingdom?
