The European Banking Authority (EBA) has published its work plan until 2023, laying out how the EU banking sector anticipates adapting to new regulations, pursuing its digitization agenda, and increasing collaboration in areas like payments and financial crime-fighting.
The document is organized around the six strategic pillars of the EBA’s 2023–2025 strategic goals, which include strengthening “operational resilience” and managing risks related to information and communications technology (ICT) and concerns related to digital finance.
By developing the necessary regulatory framework for the EU banking sector’s adaptation to two upcoming pieces of EU legislation, the Markets in Crypto Assets Act and the Digital Operational Resilience Act (DORA), the EBA plans to work on this pillar in 2023. (MiCA).
In 2023, MiCA and DORA are expected to become effective. Depending on how the legislative process plays out, businesses might be required to comply with the new rules by January 1, 2025, according to the EBA.
assisting banks and fintech with planning
The DORA regulation establishes legal guidelines for how financial institutions should manage digital risk in order to standardize risk assessment and mitigation practices throughout the EU. The banking and financial services industries, as well as digital businesses that offer services to financial institutions, would be notably targeted by the rule.
The European Banking Authority (EBA) will meet with the relevant European Supervisory Authorities (ESAs) for a “high-level exercise on the landscape of ICT third-party providers in the EU financial sector” the following year. At this meeting, European regulators will talk about how to best apply the new DORA rules to software developers and other tech companies that are not typically under the ESAs’ regulatory purview.
The EBA used the occasion to express its support for the European Systemic Risk Board’s (ESRB) suggestions for a framework for pan-European systemic cyber incident coordination. Different institution types would report incidents like data breaches and cyberattacks according to a common methodology.
