Activities of José GUSMÃO related to 2020/0266(COD)

Shadow reports (1)

REPORT on the proposal for a regulation of the European Parliament and of the Council on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014 and (EU) No 909/2014
2021/12/07
Committee: ECON
Dossiers: 2020/0266(COD)
Documents: PDF(481 KB) DOC(172 KB)
Authors: Billy KELLEHER (MEP ID 197818)

Amendments (6)

Amendment 189 #
Proposal for a regulation
Recital 34
(34) As larger financial entities may enjoy wider resources and could swiftly deploy funds to develop governance structures and set up various corporate strategies, only financial entities which are not micro enterprises in the sense of this Regulation should be required to establish more complex governance arrangements. Such entities are better equipped in particular to set up dedicated management functions for supervising arrangements with ICT third-party service providers or for dealing with crisis management, to organise their ICT risk management according to the three lines of defence model, or to adopt a human resources document comprehensively explaining access rights policies. By the same token, only such financial entities should be called to perform in-depth assessments after major changes in the network and information system infrastructures and processes, to regularly conduct risk analyses on legacy ICT systems, or expand the testing of business continuity and response and recovery plans to capture switchovers scenarios between primary ICT infrastructure and redundant facilities.
deleted
2021/06/01
Committee: ECON
Amendment 191 #
Proposal for a regulation
Recital 35
(35) Moreover, as solely those financial entities identified as significant for the purposes of the advanced digital resilience testing should be required to conduct threat led penetration tests, the administrative processes and financial costs entailed by the performance of such tests should be devolved to a small percentage of financial entities. Finally, with a view to ease regulatory burdens, only financial entities other than micro enterprises should be asked to regularly report to the competent authorities all costs and losses caused by ICT disruptions and the results of post-incident reviews after significant ICT disruptions.
deleted
2021/06/01
Committee: ECON
Amendment 195 #
Proposal for a regulation
Recital 39 a (new)
(39 a) Sharing of threat intelligence should be compulsory; financial institutions should be legally obliged to file reports of known threats to their NCAs and relevant ESA. The information could then be shared if requested (confidentially and anonymously), through a central clearing house, such as an EU Hub for Incident Reporting.
2021/06/01
Committee: ECON
Amendment 196 #
Proposal for a regulation
Recital 39 b (new)
(39 b) The collective interest in preventing systemic instability and wide-ranging harm to the financial system clearly outweighs any individual institution’s interest in protecting commercial secrets or preventing damage to its reputation. Nevertheless, proper mechanisms for the confidential exchange and handling of incident data should be put in place to mitigate the risk of leaks.
2021/06/01
Committee: ECON
Amendment 238 #
Proposal for a regulation
Recital 73 a (new)
(73 a) Although protection against cyberattacks is an important tool against financial instability, it is of note that the most significant systemic risks are not the result of external threats but instead originate within the financial system itself, due to its internal mechanisms and incentives structure. In that regard, this Regulation should be understood as a necessary, though not sufficient, condition for the promotion of financial stability;
2021/06/01
Committee: ECON
Amendment 655 #
Proposal for a regulation
Article 28 – paragraph 2 – point b – introductory part
(b) the systemic character or importance of the financial entities that rely on the relevant ICT third-party provider, assessed in accordance with Basel Committee on Banking Supervision's standard number 239 [1a] and the following parameters:
_________________
[1a] https://www.bis.org/publ/bcbs239.pdf
2021/06/01
Committee: ECON