11 Amendments of Othmar KARAS related to 2020/0266(COD)
Amendment 271
Proposal for a regulation
Article 2 – paragraph 2 a (new)
2 a. This Regulation shall not apply to:
(a) statutory auditors and audit firms, which are micro, small and medium-sized enterprises as defined in Article 2 of the Annex to Recommendation 2003/361;
(b) insurance and reinsurance undertakings excluded from the scope due to size in accordance with Article 4 of Directive 2009/138/EC;
(c) insurance intermediaries, reinsurance intermediaries and ancillary insurance intermediaries, which are microenterprises in accordance with Article 3 point (50).
Amendment 313
Proposal for a regulation
Article 3 – paragraph 1 – point 23 a (new)
(23 a) ‘credit institution exempted by Directive 2013/36/EU’ means a credit institution benefiting from an exemption pursuant to points (4) to (23) of Article 2(5) of Directive 2013/36/EU;
Amendment 314
Proposal for a regulation
Article 3 – paragraph 1 – point 24 a (new)
(24 a) ‘small and non-interconnected investment firm’ means an investment firm that meets the conditions laid out in Article 12 (1) of Regulation (EU) 2019/2033;
Amendment 316
Proposal for a regulation
Article 3 – paragraph 1 – point 25 a (new)
(25 a) ‘payment institution exempted by Directive (EU) 2015/2366’ means a payment institution benefitting from an exemption pursuant to Article 32 (1) of Directive (EU) 2015/2366;
Amendment 317
Proposal for a regulation
Article 3 – paragraph 1 – point 26 a (new)
(26 a) ‘electronic money institution exempted by Directive 2009/110/EC’ means an electronic money institution benefitting from a waiver under Article 9 of Directive 2009/110/EC;
Amendment 318
Proposal for a regulation
Article 3 – paragraph 1 – point 36
(36) ‘insurance intermediary’ means an insurance intermediary as defined in point (3) of paragraph 1 of Article 2 of Directive (EU) 2016/97, which is not a microenterprise as defined in this Article;
Amendment 319
Proposal for a regulation
Article 3 – paragraph 1 – point 37
(37) ‘ancillary insurance intermediary’ means an ancillary insurance intermediary as defined in point (4) of Article 2 of Directive (EU) 2016/97, which is not a microenterprise as defined in this Article;
Amendment 320
Proposal for a regulation
Article 3 – paragraph 1 – point 38
(38) ‘reinsurance intermediary’ means a reinsurance intermediary as defined in point (5) of paragraph 1 of Article 2 of Directive (EU) 2016/97, which is not a microenterprise as defined in point (50) of this Article;
Amendment 328
Proposal for a regulation
Article 3 – paragraph 1 – point 50
(50) ‘microenterprise’ means a financial entity as defined in Article 2(32) of the Annex to Recommendation 2003/361/EC.
Amendment 335
Proposal for a regulation
Article 3 a (new)
Article 3 a
Proportionality principle
Financial entities other than those referred to in Article 14a shall implement the rules on ICT risk management foreseen in this Chapter in accordance with the principle of proportionality, by taking into account the size of their undertaking, the nature, scale and complexity of their services, activities and operations, and their overall risk profile.
Amendment 465
Proposal for a regulation
Article 14 a (new)
Article 14 a
Proportionate ICT risk management framework
1. Articles 4 to 14 of this Regulation shall not apply to small and non-interconnected investment firms or payment institutions exempted by Directive (EU) 2015/2366, to credit institutions exempted by Directive 2013/36/EU, to electronic money institutions exempted by Directive 2009/110/EC or to small institutions for occupational retirement pensions.
2. Small and non-interconnected investment firms, payment institutions exempted by Directive (EU) 2015/2366, credit institutions exempted by Directive 2013/36/EU, electronic money institutions exempted by Directive 2009/110/EC and small institutions for occupational retirement pensions shall implement an ICT risk management framework in accordance with the principle of proportionality, by taking into account the size of their undertaking, the nature, scale, complexity of their services, activities and operations and their overall risk profile and shall:
(a) put in place and maintain a sound and documented ICT risk management framework which details the mechanisms and measures aimed at a quick, efficient and comprehensive management of all ICT risks, including for the protection of relevant physical components and infrastructures;
(b) continuously monitor the security and functioning of all ICT systems;
(c) minimise the impact of ICT risks through the use of sound, resilient and updated ICT systems, protocols and tools which are appropriate for supporting the performance of their activities and the provision of services;
(d) adequately protect confidentiality, integrity and availability of data network and information systems;
(e) allow sources of risk and anomalies in the network and information systems to be promptly identified and detected and ICT incidents to be swiftly handled.