The European Banking Authority (EBA), the European Insurance and Occupational Pensions Authority (EIOPA) and ESMA have published an overview of information and communication technology (ICT) supplied by third-party providers (TPP) to financial services companies.
Collectively known as the European Supervisory Authorities (ESAs), the EBA, the EIOPA and ESMA released the publication as part of preparations for the Digital Operational Resilience Act (DORA).
The analysis aims to map the provision of ICT services by TPPs to financial entities in the European Union. It also looks to support the ESAs’ policy making process in light of the European Commission’s call for advice to further specify the criteria for critical ICT TPPs and to determine oversight fees.
The data collection was the first of its kind, covering ICT-related contractual arrangements for entities across the financial sector.
Overall, the exercise identified that around 15,000 ICT TPPs directly serve financial sector entities across the EU.
It found that the most frequently used ICT TPPs support critical or important functions for their clients in a range of services. In addition, most critical services were classified as ‘non-substitutable’ by financial institutions.
The ESAs say that the data collection underlined the importance of ensuring that financial entities provide unique identifiers in the data submitted, and the need to develop an appropriate ICT services taxonomy.
