The European Supervisory Authorities and UK financial regulators sign Memorandum of Understanding on oversight of critical ICT third-party service providers under DORA

The European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) have signed a Memorandum of Understanding (MoU) with the Bank of England (BoE), the Prudential Regulation Authority (PRA), and the Financial Conduct Authority (FCA). This agreement enhances the cooperation between the authorities to oversee critical ICT third-party service providers (CTPPs) as required by the Digital Operational Resilience Act (DORA) .

The MoU establishes clear principles and procedures for cooperation, information sharing and coordination of oversight activities between the relevant authorities responsible for EU CTPPs/UK CTPs oversight. The MoU aims at enhancing third-party risk management and contributing to the overall operational resilience of the financial sector in the EU and UK through strong cross-border cooperation.

​​Legal basis and background

The MoU has been prepared in accordance with DORA Articles 36, 44, and 49, which cover the ESAs’ oversight powers, international cooperation, and financial cross-sector exercises, communication and cooperation.

​To exchange information  with a third-country authority, the ESAs must ensure that the confidentiality and professional secrecy regime in the third country is equivalent to that in the EU. Therefore, before signing this MoU, the ESAs conducted an assessment that confirmed the UK confidentiality and professional secrecy regime’s equivalence with that in DORA. 

_____________

Documents

Memorandum of Understanding on DORA oversight of critical ICT third-party service providers in EU and UK (367.43 KB – PDF)

ESAs targeted equivalence assessment of DORA confidentiality and professional secrecy regimes (188.09 KB – PDF)