Article 46 Digital Operational Resilience Act (DORA), Criminal Penalties

Jul 25, 2024 by Sneha Naskar

Member States may decide not to establish rules for administrative penalties or remedial measures for breaches of this Regulation if such breaches are already subject to criminal penalties under their national law. This provision allows Member States to avoid duplicative penalties for the same offense, ensuring that enforcement mechanisms are efficient and non-redundant. When Member States choose to impose criminal penalties for breaches of this Regulation, they must ensure that their competent authorities are equipped with the necessary powers and frameworks to effectively coordinate with judicial, prosecuting, or criminal justice authorities within their jurisdiction.

Effective Coordination For Enforcement And Compliance

To facilitate effective coordination, competent authorities must have the ability to:

(a) Receive detailed and specific information related to criminal investigations or proceedings initiated for breaches of this Regulation: This includes access to case files, evidence, and any other relevant documentation that can aid in understanding the nature and extent of the breach. Ensuring that competent authorities can obtain comprehensive information is crucial for them to make informed decisions and take appropriate enforcement actions.

(b) Provide this information to other competent authorities: Ensuring a unified and cooperative approach to enforcement across Member States is essential. This includes collaboration with the European Banking Authority (EBA), the European Securities and Markets Authority (ESMA), and the European Insurance and Occupational Pensions Authority (EIOPA), which are responsible for overseeing the consistent application of this Regulation across the EU. Sharing information with these bodies helps maintain a coordinated regulatory environment and prevents discrepancies in enforcement practices.

(c) Implement robust information-sharing mechanisms: Protecting the integrity and confidentiality of the information while ensuring it is accessible to the necessary authorities for enforcement and compliance purposes is vital. Information-sharing mechanisms should be designed to facilitate secure and efficient communication between competent authorities, judicial bodies, and other relevant entities. This ensures that sensitive information is handled appropriately and that enforcement efforts are not compromised.

(d) Facilitate a seamless flow of information that aids in the prevention, detection, and prosecution of breaches: Enhancing the overall effectiveness of the regulatory framework requires competent authorities to have efficient processes for sharing information related to breaches. This includes establishing protocols for the timely and accurate dissemination of information, which helps in identifying and addressing compliance issues promptly.

(e) Develop protocols for regular communication and cooperation with judicial and prosecuting authorities: Ensuring that administrative and criminal enforcement actions are well-coordinated and mutually supportive is crucial. Regular communication and collaboration between competent authorities and judicial bodies help align enforcement strategies and ensure that breaches are addressed comprehensively. This cooperation also helps in leveraging the expertise of different authorities to enhance the overall enforcement process.

(f) Ensure that competent authorities have the legal and operational capacity to both receive and disseminate information related to breaches: Leveraging technology and best practices to manage information securely and efficiently is essential. Competent authorities should have robust systems in place for handling sensitive data, ensuring that information is protected from unauthorized access and that it can be shared quickly and accurately when needed. Investing in technological solutions and adopting best practices for data management helps streamline the enforcement process and enhances the overall effectiveness of the regulatory framework.

By establishing these measures, Member States can ensure that breaches of this Regulation are effectively penalized, whether through administrative or criminal penalties, and that enforcement actions are coherent, comprehensive, and aligned with the overarching goals of the Regulation. This approach reinforces the integrity of the regulatory framework and ensures that all relevant authorities are working collaboratively to uphold compliance. It also helps in maintaining public trust in the financial system by demonstrating that breaches are taken seriously and that appropriate actions are taken to address them.

Furthermore, the ability to coordinate enforcement actions across different authorities and jurisdictions is crucial in addressing the complex and often cross-border nature of breaches in the financial sector. By fostering a collaborative environment and ensuring that all relevant entities are equipped with the necessary tools and information, Member States can enhance their ability to detect, prevent, and respond to breaches effectively.

The decision to impose criminal penalties for breaches of this Regulation, combined with the measures to ensure effective coordination and information sharing, helps create a robust enforcement framework. This framework not only deters non-compliance but also ensures that breaches are addressed in a manner that is efficient, fair, and aligned with the broader regulatory objectives. By prioritizing collaboration and leveraging the strengths of different authorities, Member States can uphold the integrity of the financial system and protect it from the risks associated with non-compliance.
