Article 48 Digital Operational Resilience Act (DORA), Publication Of Administrative Penalties

Jul 25, 2024by Sneha Naskar

Competent authorities play a pivotal role in maintaining the integrity and transparency of financial markets. As part of their mandate, they must promptly publish decisions imposing administrative penalties on their official websites, provided there is no pending appeal and the sanctioned party has been duly notified. This publication requirement is crucial for upholding the principles of transparency and accountability in financial regulation.

Article 48 Digital Operational Resilience Act (DORA), Publication Of Administrative Penalties

The details of the publication must include comprehensive information about the type and nature of the breach, the identity of the responsible parties, and the penalties imposed. Such transparency ensures that the public, market participants, and other stakeholders are aware of the actions taken by the competent authorities to enforce compliance with financial regulations. It also serves as a deterrent to potential violators, demonstrating the consequences of regulatory breaches.

However, there are circumstances where the publication of such information might need to be handled with caution. Competent authorities have the discretion to determine, on a case-by-case basis, whether publishing the identity of a legal entity or the personal data of an individual would be disproportionate. This consideration is particularly relevant if the publication could risk financial market stability, hinder an ongoing criminal investigation, or cause disproportionate harm to the person involved.

Options For Competent Authorities In Publishing Administrative Penalties

In such cases, competent authorities may choose from several options:

  • Delay the Publication: The authority can postpone the publication until the reasons for withholding the information no longer exist. This ensures that sensitive information is not released prematurely, potentially causing undue harm or instability.
  • Publish Anonymously: The information can be published in an anonymous format, in accordance with national law. This approach allows the public to be informed about the breach and the penalties without disclosing the identities of the individuals or entities involved, thus balancing transparency with privacy and stability concerns.
  • Refrain from Publishing: If the measures of delaying or anonymizing the publication are insufficient to protect market stability or if publication is deemed disproportionate given the leniency of the sanction, the competent authority may decide not to publish the information at all. This decision would be made in exceptional cases where the risks of publication outweigh the benefits.

When a decision is made to publish an administrative penalty anonymously, the competent authority may still delay the publication to ensure all relevant factors are adequately considered. This additional delay helps in mitigating any potential negative impacts on market stability or the individuals involved.

DORA Compliance Framework

In cases where an administrative penalty decision is appealed, the competent authority is required to immediately update its official website to reflect the status of the appeal. This ensures ongoing transparency and provides the public with up-to-date information about the enforcement actions and their legal status. Moreover, any judicial decision that overturns the administrative penalty must also be published, ensuring that the public record accurately reflects the final outcome of the enforcement action.

All publications related to administrative penalties, whether full, delayed, or anonymous, must remain on the competent authority's official website for at least five years. This duration ensures that the information is accessible for a significant period, contributing to long-term transparency and accountability. However, personal data included in these publications should only be kept for as long as necessary in accordance with applicable data protection regulations. This requirement ensures compliance with data privacy laws and protects the rights of individuals whose personal information might be involved.

In summary, the publication of administrative penalties by competent authorities is a critical component of financial market regulation. It promotes transparency, deters regulatory breaches, and ensures public awareness of enforcement actions. However, this publication must be balanced with considerations for market stability, ongoing investigations, and the potential harm to individuals involved. By implementing these provisions thoughtfully and in accordance with national laws, competent authorities can uphold the integrity of the financial system while protecting the interests of all stakeholders involved.

This approach ensures a robust, transparent, and fair regulatory environment that supports the stability and integrity of financial markets, ultimately benefiting the entire financial ecosystem and the public at large.

DORA Compliance Framework