New Operational Resilience frameworks introduced in the EU and UK are creating substantial additional reporting requirements on financial entities, in particular in the areas of ICT incidents and outsourcing. These requirements are often not aligned with international principles, creating additional operational burdens without contributing to risk management.
AFME strongly argues for streamlining of such reporting requirements, through:
- A simplification of the Digital Operational Resilience Act (DORA) reporting requirements with respect to ICT incidents and outsourcing.
- Streamlining and consolidation of proposed UK incident reporting requirements, reducing the number of reporting frameworks from five to one.
- In cooperation with our global affiliate GFMA, streamlining of international incident reporting requirements, in particular through alignment of jurisdictional reporting with the Financial Stability Board’s “Financial Institution Incident Reporting Exchange” principles.
