Published:
FESE welcomes the opportunity to contribute its views to the ESAs consultation papers on the first batch of DORA policy products. The consultation papers cover the ICT risk management framework, criteria for the classification of ICT-related incidents, policy on ICT services performed by ICT third-party providers and templates for the register of information.
FESE supports the incorporation of the proportionality principle by defining two ICT risk management frameworks: general ICT risk management framework and simplified ICT risk management framework. It is crucial to distinguish between financial entities based on their size, type and criticality to EU markets. While we understand the need for the register of information, we believe that maintaining and updating registers at multiple levels add a layer of complexity to the data management process and data consistency.