Search QAs

If a company has both DORA regulated activities and other - non-regulated - activities, does DORA apply to those other non-regulated activities as well? If so, is there a minimum % that the DORA regulated activities should be of the overall company activities for the non-regulated activities to be regulated by DORA as well?

What guidelines should an insurance company follow, with regards to ICT, that falls within the exeption of DORA, now that the EIOPA guidelines on Communication technology security and governance have been revoked?

We are contacting regarding a question we have regarding the ITS ICT services supply chain – Information Registry. The question is as follows: We understood that since the RTS – ICT Services Outsourcing (RTS) has been rejected, this would also apply to the registration of third-party ICT services in…

In Finland telecom operators are strictly regulated, regulations include “Act on electronic communication services (917/2014)", which does not allow to give access to a telecom operators data. This means that data communications service providers are not able to agree to a customer's requirement to …

In connection with the withdrawal the "Guidelines on information communication technology security and governance", for those insurance undertakings that fall outside the scope of DORA due to size, but falls within Solvency II in respect of system of governance, what guidelines are they expected to …

1) in the regulation this clause related to pen testing: ` are certified by an accreditation body in a Member State or adhere to formal codes of conduct or ethical frameworks' would it suffice if the testers do not have formal industry certifications but followed industry standards such as OWASP, NI…

Can a national supervisor refuse in its territory the distribution of capital redemption operations linked to investment funds and thereby including a commitment to pay out the equivalent value of a determined amount of parts of one or multiple investment funds, by EU insurance companies based on a national provision considered to be protecting the general good?

Is it possible to hold multiple PEPP contracts with different providers?

The question is about annuities relating to non-life insurance and how the cashflows should be reported in S.26.03 ja S.26.04. In this contects we have defined a contract to mean the insurer's responsibility to pay annuity to beneficiary. The contract includes two different cashflows: cashflow of annuity payments to the beneficiary and cashflow of loss adjustment expenses. What should be reported as liabilities sensitive to risk before and after expense shock in reports S.26.03 and S.26.04 R0500/C0030 and R0500/C0050? The sum of both cashflows of the contract (annyity payments and loss adjustment expenses) or only cashflow of loss adjustment expenses? In both cases result(scr) is the same