In its recently published work plan for 2023, the European Banking Authority (EBA) signals how the European Union’s banking sector intends to adapt to new upcoming regulations, pursue its digitization agenda and foster further collaboration in areas such as payments and financial crime-fighting.
The document is built around the six strategic pillars of the EBA’s 2023-2025 strategic priorities, including addressing information and communications technology (ICT) risks and digital finance challenges while strengthening “operational resilience.”
In 2023, the EBA plans to work on this pillar by developing the necessary policy framework for the bloc’s banking sector to adapt to two upcoming pieces of EU legislation — the Digital Operational Resilience Act (DORA) and the Markets in Crypto Assets Act (MiCA).
Both MiCA and DORA are expected to come to force in 2023. And depending on the outcome of the legislative process, the EBA says that it anticipates that businesses will be expected to have complied with the requirements of the new laws by Jan. 1, 2025.
Helping Banks, FinTechs Prepare
The DORA legislation is intended to legally frame how financial institutions manage digital risk and harmonize risk assessment and mitigation requirements across the EU. The law will target the financial services industry and banking sector, as well as technology companies that service financial institutions.
In preparation for the new regulation, the EBA will continue its work researching and publishing on the topics that are most relevant to operational resilience and cybersecurity in the financial services sector. This includes a “risk analysis and mapping of use cases of AI [artificial intelligence] in finance,” the report noted.
Next year, the EBA will also convene with the relevant European supervisory authorities (ESAs) for a “high-level exercise on the landscape of ICT third-party providers in the EU financial sector,” which will involve a meeting between European regulators to discuss how best the new DORA rules can be applied to software developers and other tech firms not normally subject to the regulatory gaze of the ESAs.
The EBA also took the opportunity to welcome the recommendations of the European Systemic Risk Board (ESRB) on a pan-European systemic cyber incident coordination framework. A single framework would set out how different types of institutions would report incidents such as data breaches and cyberattacks.
The EBA intends to flesh out the details of such a framework and look into how it would be implemented.
When it comes to the MiCA legislation, the EBA plans to establish a common single rulebook for crypto-asset issuance and service provision across the region, as well as elaborate on what MiCA means for financial institutions by further specifying capital requirements for issuers, for example.
The EBA will also develop supervisory policies and procedures, as well as templates for the exchange of information between all relevant parties, including crypto-asset issuers, national competent authorities, the European Central Bank and other relevant central banks.
Per the agenda outline, the EBA will continue to monitor financial innovation and identify areas where further regulatory response may be needed. Crypto assets not included within the scope of MiCA, such as decentralized finance, AI, digital platforms and RegTech, are examples of innovations that are on its radar.
Ultimately, for both DORA and MiCA, the EBA’s main task in the coming year will be to write the regulatory technical standards that will define how the new acts get implemented on the ground.
And to help affected businesses meet the new requirements, the EBA together with European Securities and Markets Authority (ESMA) and the European Insurance and Occupational Pensions Authority (EIOPA) will be partnering with the European Commission next year to steer development of the training curriculum for the EU Supervisory Digital Finance Academy.
The academy is an EU initiative that aims to strengthen supervisory capacity in digital finance and facilitates training in digital finance regulation through a series of workshops.
Further reading: EBA Recommends a Standard API for Open Banking in New PSD3
For all PYMNTS EMEA coverage, subscribe to the daily EMEA Newsletter.