Search a question

What is the submission format for the incident reports (initial notification, intermediate and final) that CTPPs and Financial Entities need to submit to the CA?

Hi Team,

Hope you are well!

We are a Spanish Fintech company called Toqio, our company lets you create, customize, and scale unique financial products in our platform.Please find more information below:

https://toqio.co/platform

Could you please confirm that we have to comply with DORA and also we have to send the ROI to the authorities?

Thank you in advance,

Kindest regards,

Ester

The DORA law states that ICT third-party service providers must fully cooperate during onsite inspections and audits conducted by competent authorities, the Lead Overseer, the financial entity, or an appointed third party.
Will these audits be conducted the same way if the provider is located outside Europe,

Can you confirm our understanding of the DORA law: an intra-group entity providing services to a financial entity is subject to the same obligations as a non-critical third-party provider. This includes requirements related to contractual arrangements, provisions for critical functions, exit strategies and termination conditions, information registry, reporting to competent authorities, and pre-contractual assessments. Additionally, if the services involve critical or important functions, further requirements apply, such as TLPT tests and audits by competent authorities.

A Group contains within it both insurance entities and banking entities; for the purposes of preparing the Register at a consolidated level, must it consider both types of Entity? To which Authority is the Register sent at a consolidated level?