Article 49, Financial Cross-Sector Exercises, Communication And Cooperation, Digital Operational Resilience Act (DORA)
Overview
1. The ESAs, through the Joint Committee and in collaboration with competent authorities, resolution authorities as referred to in Article 3 of Directive 2014/59/EU, the ECB, the Single Resolution Board as regards information relating to entities falling under the scope of Regulation (EU) No 806/2014, the ESRB and ENISA, as appropriate, may establish mechanisms to enable the sharing of effective practices across financial sectors to enhance situational awareness and identify common cyber vulnerabilities and risks across sectors.
They may develop crisis management and contingency exercises involving cyber-attack scenarios with a view to developing communication channels and gradually enabling an effective coordinated response at Union level in the event of a major cross-border ICT-related incident or related threat having a systemic impact on the Union’s financial sector as a whole.
Those exercises may, as appropriate, also test the financial sector’s dependencies on other economic sectors.
2. Competent authorities, ESAs and the ECB shall cooperate closely with each other and exchange information to carry out their duties pursuant to Articles 47 to 54. They shall closely coordinate their supervision in order to identify and remedy breaches of this Regulation, develop and promote best practices, facilitate collaboration, foster consistency of interpretation and provide cross-jurisdictional assessments in the event of any disagreements.
Summary Of Article 49
Article 49 of the Digital Operational Resilience Act (DORA) emphasizes the importance of cross-sector communication and collaboration to enhance financial sector resilience against ICT-related threats. The European Supervisory Authorities (ESAs), acting through the Joint Committee and in collaboration with competent authorities, resolution authorities, the European Central Bank (ECB), the Single Resolution Board (SRB), the ESRB and ENISA, as appropriate, may establish mechanisms to share effective practices across financial sectors and improve situational awareness. This collaboration aims to identify common cyber vulnerabilities and risks across sectors.
The article also provides that these bodies may develop crisis management and contingency exercises involving cyber-attack scenarios. These exercises are intended to develop communication channels and gradually enable an effective coordinated response at Union level in the event of a major cross-border ICT-related incident or related threat with a systemic impact on the Union's financial sector as a whole. Additionally, the exercises may test the dependencies of the financial sector on other economic sectors, underscoring the interconnected nature of risks across industries.
Finally, Article 49 requires competent authorities, the ESAs, and the ECB to cooperate closely and exchange information in order to carry out their duties under Articles 47 to 54, and to closely coordinate their supervision. This cooperation is meant to identify and remedy breaches of the Regulation, develop and promote best practices, facilitate collaboration, foster consistency of interpretation, and provide cross-jurisdictional assessments in the event of any disagreements, supporting a cohesive approach to operational resilience across the EU's financial system.