European Supervisory Authorities specify criticality criteria and oversight fees for critical ICT third-party providers under DORA in response to the European Commission’s call for advice
The European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) published their joint response to the European Commission’s Call for Advice on two EC delegated acts under the Digital Operational Resilience Act (DORA) specifying further criteria for critical ICT third-party service providers (CTPPs) and determining oversight fees levied on such providers.
In relation to the criticality criteria, the ESAs propose 11 quantitative and qualitative indicators along with the necessary information to build up and interpret such indicators following a two-step approach. The ESAs also put forward minimum relevance thresholds for quantitative indicators, where possible and applicable, to be used as starting points in the assessment process to designate critical third-party providers.
This joint response does not include any details of the designation procedure nor of the related methodology as these are out of the scope of this Call for Advice. However, the ESAs plan to define these details no later than six months after the adoption of the delegated act by the Commission.
Regarding the oversight fees, the ESAs make proposals for determining the amount of the fees to be levied on CTPPs and the way in which they are to be paid. The ESAs’ proposals cover the types of estimated expenditures (for both the ESAs and the competent authorities) that shall be covered by oversight fees as well as the basis for the expenditures’ calculation and the available information for determining the applicable turnover of the CTPPs (the basis of fee calculation) and the method of fee calculation together with other practical issues regarding the collection of fees.
In addition, the advice proposes a financial contribution for voluntary opt-in requests. The ESAs will specify other practical aspects on the estimation of oversight expenditures and operational aspects in the context of the implementation of the oversight framework.
Background
In December 2022, the Commission issued to the ESAs a Call for Advice (CfA) in relation to two delegated acts under DORA to 1) specify further criteria for critical ICT third-party service providers and 2) determine the fees levied on such providers.
To inform the responses, the ESAs held a public consultation (May-June 2023). In light of the 41 responses received from various stakeholders, the ESAs have amended the draft advice on the criticality criteria to increase the role of critical or important functions in the assessment and further streamlined the proposed set of indicators. Regarding the oversight fees, the ESAs have, among others, adapted their advice by proposing to define the scope of the applicable turnover on a narrower basis. Overall, market participants expressed support to the proposals related to the other aspects of the advice, while requesting clarifications on some other points.
DOCUMENTS
Anders Olofsson – former Head of Payments Finastra
Banking 4.0 – „how was the experience for you”
„So many people are coming here to Bucharest, people that I see and interact on linkedin and now I get the change to meet them in person. It was like being to the Football World Cup but this was the World Cup on linkedin in payments and open banking.”
Many more interesting quotes in the video below: