Digital Operational Resilience for Financial Entities (cepPolicyBrief COM2020_595)


Cyberattacks increasingly threaten financial institutions in the European Union. The EU Commission therefore wants to foster the stability and security of the European financial sector and its financial institutions such as banks, insurance undertakings or trading venues by means of a new Regulation. The Freiburg think tank Centrum für Europäische Politik has examined the Commission's plans in a cepPolicyBrief.


"The EU measures are appropriate, as products and services of financial institutions are often central to the functioning of a society. However, the proposed Regulation is neither proportionate nor targeted," criticises cep expert Philipp Eckhardt, who assessed the EU proposal. "The creation of an EU supervisory framework for critical third-party providers of information and communication technology (ICT TPSPs) can strengthen the digital operational resilience of financial institutions. However, the division of supervisory tasks among the three European financial supervisory authorities EBA, ESMA and EIOPA is questionable. ICT TPSPs, such as cloud providers, could be confronted with contradictory supervisory approaches," says Eckhardt.