Search QAs

We use the services of a rating agention that is registered in ECAI.
That agention doesn't issue an offical rating for a bank in which we have some deposits, but provides a tool that uses the same financial data that is used for ratings calculation to get an unofficial rating. This unofficial rati…

1. Can you please clarify how 'cash in hand' should be stressed under Market risk? Is it correct to assume that it should be stressed under Equity Type 2 given that no other risk applies? If so, should it also be stressed under Concentration risk?
2. Can you also confirm that the CIC code for cash …

Does the economic management of real estate held by an non- life insurance undertaking as part of its investment portfolio, including the earning of rental income through short-term accommodation arrangements within the undertaking's own headquarters property, fall within the scope of "operations ar…

In 2999 - DORA030 - EIOPA, clarifications were provided on what types of services should be considered ICT services under DORA. It indicates that “In the case that financial entities provide ICT services to other financial entities in connection to their financial services, the receiving financial e…

In the case of global representatives, should contracts with VISA be excluded from the DORA regulation as they were from the EBA regulation?

DORA regulation, Article 25, paragraph 1 has this text

The digital operational resilience testing programme referred to in Article 24 shall provide, in accordance with the criteria set out in Article 4(2), for the execution of appropriate tests, such as vulnerability assessments and scans, open s…

Does an ICT provider’s NIS2 status (including classification as a critical or essential entity) in any way limit the applicability of DORA Articles 28–30 for a financial entity, particularly regarding the requirement to include DORA-aligned contractual provisions and obtain the cooperation needed fo…

Should the definition of ICT service in article 3.21 be deemed to include "Tap to Pay" services where bank customers enroll and digitise their payment cards by using an application in hardware supporting Near Field Communication (e.g. smart phones, smart watches etc.) and which are then used to do p…

Could you kindly advise when the official list of critical ICT third-party service providers under the DORA Regulation is expected to be published? Additionally, would it be possible to obtain any preliminary information regarding this matter and the designation?