The European Supervisory Authorities and UK financial regulators sign Memorandum of Understanding on oversight of critical ICT third-party service providers under DORA
The European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) have today signed a Memorandum of Understanding (MoU) with the Bank of England (BoE), the Prudential Regulation Authority (PRA), and the Financial Conduct Authority (FCA). This agreement enhances the cooperation between the authorities to oversee critical ICT third-party service providers (CTPPs) as required by the Digital Operational Resilience Act (DORA).
The MoU establishes clear principles and procedures for cooperation, information sharing and coordination of oversight activities between the relevant authorities responsible for EU CTPPs/UK CTPs oversight. The MoU aims at enhancing third-party risk management and contributing to the overall operational resilience of the financial sector in the EU and UK through strong cross-border cooperation.
Legal basis and background
The MoU has been prepared in accordance with DORA Articles 36, 44, and 49, which cover the ESAs’ oversight powers, international cooperation, and financial cross-sector exercises, communication and cooperation.
To exchange information with a third-country authority, the ESAs must ensure that the confidentiality and professional secrecy regime in the third country is equivalent to that in the EU. Therefore, before signing this MoU, the ESAs conducted an assessment that confirmed the UK confidentiality and professional secrecy regime’s equivalence with that in DORA.