Information and communications technology (ICT) service providers are being used more frequently in the increasingly digitalized business world to meet customer demand and improve operational efficiency. According to the joint Report of the three European Supervisory Authorities on the draft Regulatory Technical Standards (RTS), outsourcing ICT services "has become more common, leading to more dependencies and more concentrated ICT risks."
EBA, EIOPA and ESMA (the ESAs) recently published their joint final Report on the draft Regulatory Technical Standards (RTS) specifying how to determine and assess the conditions for subcontracting ICT services that support critical or important functions under the Digital Operational Resilience Act (DORA). These RTS aim to enhance the digital operational resilience of the EU financial sector by strengthening financial entities’ ICT risk management over the use of subcontracting.
These RTS focus on ICT services provided by ICT subcontractors that support critical or important functions, or material parts of them. In addition, they specify the requirements throughout the lifecycle of contractual arrangements between financial entities and ICT third-party service providers. In particular, they require financial entities to assess the risks associated with subcontracting during the precontractual phase, including the due diligence process.
These RTS define requirements for the implementation and management of contractual arrangements on subcontracting conditions, to ensure that financial entities monitor the subcontractors that effectively underpin the ICT services supporting critical or important functions, and that they remain in control of their risks.
The full report is available online on the EIOPA website.
ESAs’ joint final Report on the draft technical standards on subcontracting under DORA published
31 July 2024 — Daniela GHETU