|
|
The three European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) have today published an indicative overview of information and communication technology (ICT) third-party providers (TTP) as part of their preparations for the Digital Operational Resilience Act (DORA).
The data collection exercise on which the report is based was the first of its kind, covering ICT-related contractual arrangements for entities across the financial sector. Overall, the exercise has identified around 15,000 ICT TPPs directly serving financial sector entities across the EU. It has found that the most frequently used ICT TPPs support critical or important functions for their clients in a wide range of services. In addition, most critical services were classified as non-substitutable by financial institutions.
The data collection exercise has also revealed some valuable lessons for the implementation of DORA. For instance, it has underlined the importance of ensuring that financial entities provide unique identifiers in the data submitted and the need to develop an appropriate ICT services taxonomy.