Where an entity providing crypto-asset services in accordance with applicable law before 30 December 2024 has applied for but has not been granted or refused authorisation by the end of the transition period, can this entity continue providing services until it is granted or refused authorisation?

QUESTION 1: Internal Audit Frequency for Microenterprises and financial entities subject to the simplified risk management framework
Recital 43 of DORA states that microenterprises and financial entities (FEs) referred to in Article 16(1) of DORA are not required to conduct regular internal audits of their ICT risk management framework (RMF). Does it conflict with Article 28, paragraph 5 of Commission Delegated Regulation (EU) 2024/1774 (RTS) that mandates an internal audit on the ICT RMF in line with the FE’s audit plan?

QUESTION 2: ICT Testing Requirements for Microenterprises and Financial Entities – Cyber-attack scenarios
Article 11.6 of DORA excludes microenterprises from the requirement to include cyber-attack scenarios in their ICT business continuity and recovery plan testing. Does it conflict with Article 39, paragraph 1 of the Commission Delegated Regulation (EU) 2024/1774 (RTS), which mandates the inclusion of cyber-attack scenarios in the testing plans for financial entities referred to in Article 16(1) of DORA?

QUESTION 3: Recital 43 of DORA specifies that microenterprises and financial entities referred to in Article 16(1) of DORA are not required to regularly conduct risk analyses on legacy ICT systems. Does it conflict with Article 34, paragraph 1, point (e) of the Commission Delegated Regulation (EU) 2024/1774 (RTS) which mandates that financial entities referred to in Article 16(1) of Regulation (EU) 2022/2554 must manage the risks related to outdated or unsupported and legacy ICT assets?

In the specific situation that the calculation of the remuneration perceived by the firm for the placing/underwriting service is independent/unconnected with the number of securities finally placed to investors (i.e. the firm receives the same remuneration from the issuer or offeror of securities irrespectively of the amount of securities it sells to investors) as the circumstance “it is clear that the remuneration perceived for the placing service is connected to the provision of the investment service to the investor buying the financial instrument” is not met, should this remuneration be considered as an inducement?
If that is the case, how and to what extent entities should disclose in a “fair, clear and not misleading” manner information on such remuneration in costs, charges and inducements disclosures to their clients?

(a) How should accumulators - i.e. derivative contracts whereby the buyer commits to buy a predefined number of underlying financial instruments at a predefined price, per day, over a certain “accumulation” period - be classified?

(b) Should the IF report the single transactions executed when settling the accumulator contract?

(c) Should the IF report the transactions concluded with third parties to secure the financial instruments to be sold to the accumulator’s buyer?

(d) How should the accumulator contract be reported?

Should the price field at position level be amended following a change in the notional amount?