Article 53 Digital Operational Resilience Act (DORA), Amendments To Regulation (EU) No 648/2012

Jul 25, 2024by Sneha Naskar

Regulation (EU) No 648/2012, which pertains to the oversight and management of Central Counterparties (CCPs) and trade repositories, has undergone several significant amendments. These changes are designed to enhance operational resilience, particularly with regard to the management of ICT systems and the establishment of robust continuity plans. Here is an overview of the updated provisions:

Article 53 Digital Operational Resilience Act (DORA), Amendments To Regulation (EU) No 648/2012

Amendment to Article 26, Paragraph 3

The revised Article 26, paragraph 3 now stipulates that a CCP must maintain an organizational structure that ensures the smooth operation and continuity of its services. This includes the requirement to employ appropriate systems and resources. Specifically, the ICT systems used by CCPs must be managed in accordance with Regulation (EU) 2021/xx (DORA), which sets out comprehensive guidelines for digital operational resilience. The integration of DORA’s standards ensures that CCPs are well-equipped to handle ICT-related disruptions and maintain service continuity.

Removal of Article 26, Paragraph 6

Article 26, paragraph 6 has been removed from the regulation. The removal of this paragraph indicates a shift in regulatory focus or the consolidation of provisions to streamline the regulatory framework. The implications of this removal may involve changes in the specific requirements or procedures that were previously outlined in this paragraph.

Amendment to Article 34, Paragraph 1

Article 34, paragraph 1 now mandates that CCPs establish and maintain robust business continuity policies and disaster recovery plans. These plans must include specific provisions for ICT-related issues, in alignment with Regulation (EU) 2021/xx (DORA). The updated requirement aims to enhance operational resilience by ensuring that CCPs are prepared for and can recover from disruptions, including those affecting their ICT infrastructure. This amendment underscores the importance of comprehensive planning to address potential operational interruptions effectively.

Amendment to Article 34, Paragraph 3

The updated Article 34, paragraph 3 assigns ESMA (European Securities and Markets Authority), in consultation with ESCB (European System of Central Banks) members, the responsibility to develop technical standards that specify the minimum requirements for business continuity policies and disaster recovery plans. Notably, the new provision excludes ICT aspects from these technical standards, indicating that ICT-related requirements will be covered separately or in greater detail under Regulation (EU) 2021/xx (DORA).

DORA Compliance Framework

Amendment to Article 56, Paragraph 3

The first subparagraph of Article 56, paragraph 3 has been revised to mandate ESMA to develop technical standards that detail the registration application requirements, except for those related to ICT risk management. This amendment focuses on streamlining the registration process for CCPs and trade repositories while indicating that ICT risk management will be addressed separately, in line with the specific provisions of Regulation (EU) 2021/xx (DORA).

Amendment to Article 79, Paragraphs 1 and 2

Article 79, paragraphs 1 and 2 have been updated to require trade repositories to identify and minimize operational risks through appropriate systems and procedures, including those related to ICT systems managed under Regulation (EU) 2021/xx (DORA). Additionally, trade repositories must maintain business continuity and disaster recovery plans that encompass ICT-specific considerations. These amendments ensure that trade repositories are equipped to manage operational risks effectively and maintain continuity in their operations, even in the face of ICT-related disruptions.

Deletion of Article 80, Paragraph 1

Article 80, paragraph 1 has been deleted from the regulation. The removal of this paragraph suggests a reorganization or simplification of the regulatory framework, possibly consolidating related provisions or removing outdated requirements.

The recent amendments to Regulation (EU) No 648/2012 reflect a strengthened focus on operational resilience and ICT management, in line with the principles established by Regulation (EU) 2021/xx (DORA). By updating provisions related to CCPs and trade repositories, these changes aim to enhance the stability and continuity of financial market infrastructure, ensuring that both CCPs and trade repositories are better equipped to handle disruptions and maintain their critical functions. The revisions underscore the importance of robust risk management practices, including comprehensive business continuity and disaster recovery planning, to address both operational and ICT-specific challenges effectively.

DORA Compliance Framework