On 16 January 2024, the Malta Financial Services Authority ("MFSA") launched the first consultation process in relation to the implementation of the Regulation on digital operational resilience for the financial sector ("DORA"), which will apply from 17 January 2025.
The Consultation Document issued by the MFSA proposes the following implementation measures:
- Digital Operational Resilience Act (DORA) Regulations, 2023 which:
  - Designates MFSA as the designated competent authority for DORA and the Digital Operational Resilience Act (DORA) Regulations, 2023;
  - Assigns to MFSA all functions, obligations and powers imposed on competent authorities under DORA, including:
    - Reporting of Major ICT-Related Incidents and Voluntary Notification of Significant Cyber Threats
    - Responsibility for threat-led penetration testing matters at a national level
  - Introduces provisions on cooperation and exchange of information, including:
    - Transmission of reports and notifications to the European Central Bank in the case of credit institutions classified as significant
    - Transmission of reports and notifications to the national Computer Security Incident Response Team
    - Exchange of information
  - Lays down Administrative and Criminal Penalties and Remedial Measures for breaches of the DORA Regulation
- Financial Market Act and Investment Service Act Data Reporting Services (Amendment) Regulations, 2023 which proposes to amend both S.L. 345.21 and S.L. 370.37.
- Amendments to a number of pieces of cross-sectorial legislation, including amendments to:
  - Financial Institutions
    - Financial Institutions Act, Cap. 376
    - Financial Institutions Rule FIR/01
  - Credit Institutions
    - Banking Act, Cap. 371
    - S.L. 371.16
    - S.L. 371.05
    - Banking Rule BR/24
  - Regulated Markets and Market Operators
    - S.L. 345.04
    - Financial Markets Act, Cap. 345
  - Investment Service Providers
    - Investment Services Rules for Investment Services Providers Part B, Part BI, Part BII and BIII
    - S.L. 370.25
    - S.L. 370.15
  - Insurance
    - Chapter 6 of the Insurance Rules: Systems of Governance
  - Pensions
    - Pension Rules for Occupational Retirement Schemes issued in terms of the Retirement Pensions Act, 2011
  - Resolution
    - S.L. 330.09
Feedback on the proposed legislative amendments is to be submitted via the Government Portal and feedback on amendments to the MFSA rules is to be addressed to the Supervisory ICT Risk and Cybersecurity Function within the MFSA by sending an email to sirc@mfsa.mt. Feedback is to be submitted by no later than 16 February 2024.