Home
Resources
CUBE RegNews: 3...

CUBE RegNews: 3rd June

Eva Dauberton

Eva Dauberton

News Editor
Copy link Copy linkCopy to clipboard
Share on X Share on Facebook Share on Linkedin

Posted: 2024-06-03

ESAs release supporting material for DORA dry run 

 

The European Supervisory Authorities (ESAs), which consist of the European Banking Authority (EBA) and the European Insurance and Occupational Pensions Authority (EIOPA), have released templates, technical documents, and tools for the dry run exercise related to the reporting of information registers under the Digital Operation Resilience Act (DORA) announced in April 2024. 

 

Some context 

DORA will come into effect on 17 January 2025, requiring all financial entities in scope to maintain comprehensive registers of their contractual agreements with third-party Information Communication Technologies (ICT) service providers at the entity, sub-consolidated, and consolidated levels (Article 28(3) of DORA). Financial entities must be prepared to submit their registers of information to their respective competent authorities, who will then forward them to the ESAs. 


The purpose of the dry run exercise is to assist financial entities in ensuring that their registers of information are ready by January 2025. 

 

Key takeaways 

The material published includes: 

  • Templates for the registers of information with example (in Excel). 
  • Draft technical package for reporting, including data point model (DPM), annotated table layout and validation rules. 
  • Optional tool (VBA macro) to assist with the conversion of Excel templates into .csv files and .zip files for their submission. 
  • Frequently asked questions regarding the exercise. 


These are available on the dry run exercise webpage

 

Next steps 

The ESAs invites financial entities to participate in a dedicated workshop on 10 June 2024 from 10:00 to 12:00. 

Financial entities taking part in the dry run exercise are expected to submit their registers of information to the ESAs through their competent authorities between 1 July and 30 August.


The data cleaning and quality checks will be completed by 31 October 2024, and feedback and cleaned files will be provided to the financial entities via their competent authorities. In November, the ESAs will hold a ‘lessons learnt’ workshop on data quality, which will be open to the entire industry. Finally, in early December, aggregated data quality reports will be published. 

  

Click here to read the full RegInsight on CUBE’s RegPlatform   

 

ESMA publishes final MICA rules on conflicts of interests 

 

The European Securities and Markets Authority (ESMA) has released the final draft Regulatory Technical Standards (RTS) on conflicts of interest for cryptoasset service providers (CASPs) under the MiCA (Markets in Cryptoassets) Regulation. 

 

Some context 

MiCA, which became effective in June 2023, includes several Level 2 and Level 3 measures that must be developed before the new regime is implemented. 

During the implementation phase, ESMA, in collaboration with the European Banking Authority (EBA), the European Insurance and Occupational Pensions Authority (EIOPA), and the European Central Bank (ECB), has released consultations on various technical standards in three packages sequentially. 


The first consultation package, published in July 2023, covered notification from selected entities to NCAs, application for authorisation for CASPs, complaint handling procedures, and conflicts of interest. While most final reports were published in March 2024, this final RTS specifically focuses on conflicts of interest. 

 

Key takeaways 

In this final RTS, ESMA clarifies elements related to the vertical integration of CASPs and further aligns requirements with the draft European Banking Authority (EBA) rules applicable to issuers of asset-referenced tokens (ARTs). 


The RTS also contains updates on: 

  • The requirements for the policies and procedures for the identification, prevention, management, and disclosure of conflicts of interest, considering the scale, nature and range of cryptoasset services provided. 
  • The details and methodology for the content of the disclosures of conflicts of interest. 

 

Next steps 

ESMA has submitted the final RTS to the European Commission for adoption. The European Commission will decide whether to adopt the technical standards within three months. 

 

Click here to read the full RegInsight on CUBE’s RegPlatform   

 

HKMA issues guidance on Cross-boundary WMC 

 

The Hong Kong Monetary Authority (HKMA) has issued a “Dear CEO” letter to all authorised institutions (AI) regarding the provision of Southbound Scheme services under the Cross-boundary Wealth Management Connect Scheme (Cross-boundary WMC) by authorised institutions incorporated outside Hong Kong. 

 

Specifically, the letter aims to provide guidance for non-locally incorporated AIs in offering Southbound Scheme services under the Cross-boundary WMC to non-private banking customers. 

 

Some context 

The Cross-boundary WMC is an initiative that falls under the mutual market access schemes between the capital markets of Hong Kong, Macao, and the Mainland. 


Launched in September 2021, it allows eligible residents in the Guangdong-Hong Kong-Macao Greater Bay Area (GBA) to invest in wealth management products distributed by banks in each other’s market through a closed-loop funds flow channel established between their respective banking systems. 


The Southbound Scheme, in particular, permits eligible residents in the Mainland GBA cities to invest in wealth management products distributed by eligible financial institutions in Hong Kong and Macao through designated channels. 

 

Click here to read the full RegInsight on CUBE’s RegPlatform   

 

APRA stresses critical role of data backups in cyber resilience 

 

The Australian Prudential Regulation Authority (APRA) has issued a letter addressed to all APRA-regulated entities emphasising the critical role of data backups in cyber resilience. While many entities have backup practices in place, APRA has noticed common issues that can limit the effectiveness of these backups during system restoration in the event of an incident. 

 

The letter outlines these common problems, and APRA expects regulated entities to assess their backup arrangements against them. If the review identifies gaps that could materially impact the entity’s risk profile or financial soundness, APRA considers this a material security control weakness notifiable under paragraph 36 of CPS 234. 

 

Regulated entities are also advised to conduct periodic self-assessments against sound information security practices outlined in Prudential Practice Guide CPG 234 Information Security (CPG 234). 

 

Click here to read the full RegInsight on CUBE’s RegPlatform   

 

CPMI publishes 2024-2025 priorities 


The Committee on Payments and Market Infrastructures (CPMI) of the Bank for International Settlements has released its work programme for 2024-2025, outlining its strategic priorities for policy, standard-setting, implementation, and analytical activities. 

 

The programme’s main themes are: 

  • Risk management of financial market infrastructures (FMIs), including FMIs’ practices for addressing non-default losses, margining practices in centrally cleared markets, foreign exchange settlement risk reduction, and cyber and operational resilience. 
  • Enhancement of cross-border payments, focusing on the priorities under the G20 cross-border payments program, with an emphasis on the interlinking of fast payment systems. 
  • Digital innovation in payments, clearing, and settlement, including tokenisation in the context of money and payments, functionality of cross-border central bank digital currencies and central bank collaboration, and multi-currency and asset-linked stablecoin arrangements. 


The CPMI will also conduct research and analysis on an ongoing basis to support the work of all key themes. This includes the annual collection and publication of the CPMI statistics on payments and FMIs (“Red Book” statistics) and the yearly BIS CBDC survey. 

 

Click here to read the full RegInsight on CUBE’s RegPlatform   

 

DFSA enhances crypto token framework 

 

The Dubai Financial Services Authority (DFSA) has confirmed some amendments to its crypto token regime following proposals outlined in an earlier consultation paper. 


The amendments address the following areas: 

Funds 

  • The ability to offer units of external and foreign funds investing in recognised crypto tokens. 
  • The ability for domestic qualified investor funds to invest in unrecognised crypto tokens. 

Custody 

  • Custody of crypto tokens. 
  • Staking of crypto tokens. 

Financial crime 

  • Financial crime (including the “travel rule”) compliance guidance. 
  • Transaction monitoring and blockchain analysis. 

Recognition of crypto tokens 

  • Recognition criteria for fiat crypto tokens (stablecoins). 
  • Fee for recognition of crypto tokens. 


The changes come into effect from 3 June 2024. 

 

Click here to read the full RegInsight on CUBE’s RegPlatform