23 Amendments of Stéphanie YON-COURTIN related to 2020/0266(COD)
Amendment 158 #
Proposal for a regulation
Recital 2
Recital 2
(2) The use of ICT has in the last decades gained a pivotal role in finance, assuming today critical relevance in the operation of typical daily functions of all financial entities. Digitalisation covers, for instance, payments, which have increasingly moved from cash and paper- based methods to the use of digital solutions, as well as securities clearing and settlement, electronic and algorithmic trading, lending and funding operations, peer-to-peer finance, credit rating, insurance underwriting, claim management and back-office operations. The insurance sector has also been transformed by the use of ICT technology, from the emergence of digital insurance intermediaries operating with InsurTech to digital insurance underwriting and contract distributions. Finance has not only become largely digital throughout the whole sector, but digitalisation has also deepened interconnections and dependencies within the financial sector and with third-party infrastructure and service providers.
Amendment 170 #
Proposal for a regulation
Recital 17 – point 1
Recital 17 – point 1
ESAs and national competent authorities, respectively should be able to participate in the strategic policy discussions and the technical workings of the NIS Cooperation Group, respectively, exchanges information and further cooperate with the single points of contact designated under Directive (EU) 2016/1148. The competent authorities under this Regulation should also consult and cooperate with the national CSIRTs designated in accordance with Article 9 of Directive (EU) 2016/1148, in particular when finalising the Oversight plan for, or recommendations addressed to, critical ICT third-party service providers, in order to ensure that there are no inconsistencies or duplications with critical ICT third- party service providers' obligations under Directive (EU) 2016/1148.
Amendment 198 #
Proposal for a regulation
Recital 43
Recital 43
(43) Further reflection on the possible cCentralisation of ICT-related incident reports should be envisaged, by means of a single central EU Hub either directly receiving the relevant reports and automatically notifying national competent authorities, or merelywill be achieved with the establishment of a single central EU Hub for major ICT-related incident reporting. The new EU Hub will centralisinge reports forwarded by the national competent authorities and fulfilling a coordination role. The ESAs should be required to prepare, in consultation with ECB and ENISA, by a certain date a joint report exploring the feasibility of setting up such a central EU Hub.
Amendment 217 #
Proposal for a regulation
Recital 58
Recital 58
(58) The requirement of legal incorporationto establish a subsidiary in the Union ofor ICT third- party service providers which have been designated as critical does not amount to data localisation since this Regulation does not entail any further requirement on data storage or processing to be undertaken in Union. The requirement to have a subsidiary in the Union is intended to provide a contact point between the ICT third-party service provider, on the one hand, and the ESAs and Joint Oversight Executive Body, on the other, and to ensure that the Joint Oversight Executive Body is able to carry out its duties and exercise its powers of oversight and enforcement as foreseen under this Regulation.
Amendment 228 #
Proposal for a regulation
Recital 66 a (new)
Recital 66 a (new)
(66 a) In order to include the full range of practical experience and operational expertise, the Joint Oversight Executive Body should include independent directors from each ESA, in charge of digital operational resilience for the financial sector.
Amendment 229 #
Proposal for a regulation
Recital 66 b (new)
Recital 66 b (new)
Amendment 230 #
Proposal for a regulation
Recital 66 c (new)
Recital 66 c (new)
(66 c) In order to ensure transparency and democratic control, as well as to safeguard the rights of the Union institutions, the independent directors should be accountable to the European Parliament and to the Council for any decisions taken on the basis of this Regulation.
Amendment 231 #
Proposal for a regulation
Recital 66 d (new)
Recital 66 d (new)
(66 d) The independent directors should act independently and objectively in the interests of the Union. They should ensure that appropriate account is taken of the proper functioning of the internal market as well as financial stability in each Member State and in the Union.
Amendment 235 #
Proposal for a regulation
Recital 69 – point 1
Recital 69 – point 1
Technical standards should ensure the consistent harmonisation of the requirements laid down in this Regulation. As bodies with highly specialised expertise, the ESAs should be mandated to develop draft regulatory technical standards which do not involve policy choices, for submission to the Commission. Regulatory technical standards should be developed in the areas of ICT risk management, reporting, testing and key requirements for a sound monitoring of ICT third-party risk. When developing draft regulatory technical standards, the ESAs should take due consideration of their mandate in relation to proportionality aspects, and seek advice from their respective Advisory Committees on Proportionality, in particular in relation to the application of the DORA framework to SMEs and mid-caps.
Amendment 263 #
Proposal for a regulation
Article 2 – paragraph 1 – point b a (new)
Article 2 – paragraph 1 – point b a (new)
(b a) payment systems
Amendment 315 #
Proposal for a regulation
Article 3 – paragraph 1 – point 25 a (new)
Article 3 – paragraph 1 – point 25 a (new)
(25 a) 'payment system' means a payment system as defined in Article 4(7) of Directive (EU) 2015/2366, with the exception of payment systems subject to ECB Regulation (EU) 795/2014.
Amendment 489 #
Proposal for a regulation
Article 17 – paragraph 1 – introductory part
Article 17 – paragraph 1 – introductory part
1. Financial entities shall report major ICT-related incidents to the relevant competent authoritysingle EU Hub as referred to in Article 419, within the time- limits laid down in paragraph 3.
Amendment 490 #
Proposal for a regulation
Article 17 – paragraph 1 – subparagraph 1
Article 17 – paragraph 1 – subparagraph 1
For the purpose of the first subparagraph, financial entities shall produce, after collecting and analysing all relevant information, an incident report using the template referred to in Article 18 and submit it to the competent authoritysingle EU Hub.
Amendment 502 #
Proposal for a regulation
Article 17 – paragraph 3 – introductory part
Article 17 – paragraph 3 – introductory part
3. Financial entities shall submit to the competent authoritysingle EU Hub as referred to in Article 419:
Amendment 520 #
Proposal for a regulation
Article 17 – paragraph 5
Article 17 – paragraph 5
Amendment 531 #
Proposal for a regulation
Article 19 – paragraph 1
Article 19 – paragraph 1
1. The1. ESAs, through the Joint Committee and in consultation with ECB and ENISA, shall prepare a joint report assessing the feasibility of further centralisation of incident reporting through the establishment of a single EU Hub for major ICT-related incident reporting by financial entities. The report shall explore ways to facilitate the flow of ICT-related incident reporting, reduce associated costs and underpin thematic analyses with a view to enhancing supervisory convergence shall establish and operate a single EU Hub for major ICT-related incident reporting by financial entities.
Amendment 537 #
Proposal for a regulation
Article 19 – paragraph 2
Article 19 – paragraph 2
Amendment 538 #
Proposal for a regulation
Article 19 – paragraph 2 – introductory part
Article 19 – paragraph 2 – introductory part
2. The reportEU Hub shall collect and maintain incident data and shall ensure that the entities referred to in the paragraph 1 shall comprise at least the following elements:3 have direct and immediate access to the relevant information.
Amendment 541 #
Proposal for a regulation
Article 19 – paragraph 3
Article 19 – paragraph 3
3. The ESAs shall submitU Hub shall make the necessary information available to the following entities to enable them to fulfil their report referred to in the paragraph 1 to the Commission, the European Parliament and to the Council by xx 202x [OJ: insert date 3 years after the date of entry into force]. spective responsibilities and mandates: (a) Competent authorities as referred to in Article 41; (b) EBA, ESMA or EIOPA, as appropriate; (c) the ECB, as appropriate, in the case of financial entities referred to in points (a), (b) and (c) of Article 2(1); (d) the single point of contact designated under Article 8 of Directive (EU) 2016/1148; (e) the Single Resolution Board (SRB), for entities referred to in Article 7(2) of Regulation (EU) No 806/2014, and national resolution authorities in relation to entities referred to in Article 7(3) of Regulation (EU) No 806/2014; and (f) the relevant national CSIRT belonging to the CSIRTs network as established by Article 12 of Directive (EU) 2016/1148, in cases where the reporting entity falls within the scope of that Directive.
Amendment 544 #
3 a. The ESAs, through the Joint Committee and after consultation with ENISA and the ECB, shall develop common draft regulatory technical standards specifying the following: (a) modalities and operational standards for the entities referred to in paragraph 3 to access the EU Hub; (b) the terms and conditions, the arrangements and the required documentation under which access to the EU Hub is granted to the entities referred to in paragraph 3; (c) the conditions for membership of financial entities.
Amendment 673 #
Proposal for a regulation
Article 28 – paragraph 9
Article 28 – paragraph 9
9. Financial entities shall not make use of an ICT third-party service provider established in a third country that would be designated as critical pursuant to point (a) of paragraph 1 if it were establishedthat ICT third-party service provider has a subsidiary in the Union.
Amendment 682 #
Proposal for a regulation
Article 29 – paragraph 4
Article 29 – paragraph 4
4. The Joint Oversight ForumExecutive Body shall be composed of the Chairpersons of theone independent director from EBA, one independent director from EIOPA, one independent director from ESMAs, and one high-level representative from the current staff of the relevant competent authority from each Member Stateat least five of the national competent authorities. The Executive Directors of each ESA and one representative from the European Commission, from the ESRB, from ECB and from ENISA shall participate in the Joint Oversight ForumExecutive Body as observers.
Amendment 684 #
Proposal for a regulation
Article 29 – paragraph 4 a (new)
Article 29 – paragraph 4 a (new)