5 Amendments of Roberts ZĪLE related to 2020/0268(COD)
Amendment 37
Proposal for a directive
Recital 3
(3) At Union level the requirements related to ICT risk for the financial sector are currently spread over Directives 2006/43/EC,[18] 2009/66/EC,[19] 2009/138/EC,[20] 2011/61/EC,[21] EU/2013/36,[22] 2014/65/EU,[23] (EU) 2015/2366,[24] (EU) 2016/2341[25] of the European Parliament and of the Council and are diverse and occasionally incomplete. In some cases, ICT risk has only been implicitly addressed as part of the operational risk, whereas in others it has not been addressed at all. This should be remedied by aligning Regulation (EU) xx/20xx of the European Parliament and of the Council[26] [DORA] and those acts. This Directive puts forward a set of amendments that appear necessary to bring legal clarity and consistency in relation to the application by financial entities that are authorised and supervised in accordance with those Directives of various digital operational resilience requirements that are necessary in the pursuit of their activities, thus guaranteeing the smooth functioning of the internal market, while facilitating proportionality in particular with regards to SMEs and other small financial entities, other than microenterprises, with the aim of reducing compliance costs.
_________________
[18] Directive 2006/43/EC of the European Parliament and of the Council of 17 May 2006 on statutory audits of annual accounts and consolidated accounts, amending Council Directives 78/660/EEC and 83/349/EEC and repealing Council Directive 84/253/EEC (OJ L 157, 9.6.2006, p. 87).
[19] Directive 2009/65/EC of the European Parliament and of the Council of 13 July 2009 on the coordination of laws, regulations and administrative provisions relating to undertakings for collective investment in transferable securities (UCITS) (OJ L 302, 17.11.2009, p. 32).
[20] Directive 2009/138/EC of the European Parliament and of the Council of 25 November 2009 on the taking-up and pursuit of the business of Insurance and Reinsurance (Solvency II) (OJ L 335, 17.12.2009, p. 1).
[21] Directive 2011/61/EU of the European Parliament and of the Council of 8 June 2011 on Alternative Investment Fund Managers and amending Directives 2003/41/EC and 2009/65/EC and Regulations (EC) No 1060/2009 and (EU) No 1095/2010 (OJ L 174, 1.7.2011, p. 1).
[22] Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013 on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms, amending Directive 2002/87/EC and repealing Directives 2006/48/EC and 2006/49/EC (OJ L 176, 27.6.2013, p. 338).
[23] Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU (OJ L 173, 12.6.2014, p. 349).
[24] Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC (OJ L 337, 23.12.2015, p. 35).
[25] Directive (EU) 2016/2341 of the European Parliament and of the Council of 14 December 2016 on the activities and supervision of institutions for occupational retirement provision (IORPs) (OJ L 354, 23.12.2016, p. 37).
[26] OJ L […], […], p. […].
Amendment 38
Proposal for a directive
Recital 4
(4) In the area of banking services, Directive 2013/36/EU on access to the activity of credit institutions and the prudential regulation of credit institutions and investment firms currently sets out only general internal governance rules and operational risk provisions containing requirements for contingency and business continuity plans which implicitly serve as a basis for addressing ICT risk management. However, to ensure that ICT risk is explicitly addressed, and in order to provide legal clarity, the requirements for contingency and business continuity plans should be amended in a proportionate way to include business continuity and disaster recovery plans also for ICT risk, in accordance with the requirements laid down in Regulation (EU) 2021/xx [DORA].
Amendment 39
Proposal for a directive
Recital 5 a (new)
(5 a) In order to strengthen the digital resilience of financial entities even after the changes in the less safe digital business and consumer environment caused by the COVID-19 pandemic, the DORA Regulation should also apply to the fight against money laundering and terrorist financing. In order to provide solutions for the application of the digital resilience dimension, Directive (EU) 2015/849 should be amended to include the DORA framework for that application, where appropriate.
Amendment 46
Proposal for a directive
Recital 14 a (new)
(14 a) There is a need for proportionality of the DORA framework, so that smaller financial institutions and smaller IT suppliers are not pushed out of the market by that Regulation.
Amendment 60
Proposal for a directive
Article 7 a (new)
Directive (EU) 2015/849
Article 7 – paragraph 4 – point f (new)
Article 7 a
Amendment to Directive (EU) 2015/849 [AML]
In Article 7(4), the following point is added:
'(f) take appropriate steps to support procedures in accordance with Chapter II of Regulation (EU) 2021/xx [DORA] in relation to mitigating ICT-related risks, where applicable.'