Prawo Nowych Technologii
nr 1/2021
Rozporządzenie ws. operacyjnej odporności cyfrowej sektora finansowego – uwagi na tle proponowanej regulacji
Autor jest Partnerem w kancelarii SSW (szefem praktyki Digital & Technology).
Abstrakt
Rozporządzenie ws. operacyjnej odporności cyfrowej sektora finansowego (z ang. DORA) to jeden z elementów pakietu dotyczącego finansów cyfrowych, którego celem jest aktualizacja otoczenia regulacyjnego w obszarze technologii finansowych. Jednocześnie DORA to pierwsza w historii sektora finansowego próba uregulowania na poziomie paneuropejskim zasad bezpieczeństwa operacyjnego w obszarze ICT.
Abstract
Regulation on digital operational resilience for the financial sector – comments on the proposal The regulation on digital operational resilience for the financial sector is likely to become a turning point in approaching the rules of financial sector’s operational security in the area of technology. Coherent regulation of the rules of testing digital resilience of financial entities, incident reporting and monitoring as well as security management in the ICT environment provides an opportunity to equalise the rights and duties of financial sector participants at the pan-European level. A novelty evidencing the regulatory maturity of the authors of the regulation proposal is also a broad and detailed regulation of providers of ICT services for the financial sector. Additionally, the fact that the proposal for the regulation introduces the primary principles of management’s responsibility for operational security, strengthened with supplementary quantitative (establishment of financial reserves should incidents occur) and qualitative approach (meeting qualitative requirements in the area of operational security) to risk management is an evidence of a directional change in regulating this area, which will have a permanent impact on how ICT security in the financial sector is managed. Słowa kluczowe: cyberbezpieczeństwo, bankowość, technologie, compliance, regulacjeKey words: cybersecurity, banking, technologies, compliance, regulations