The European Securities and Markets Authority (ESMA) has identified ten practices from the supervisory activities and approaches of national competent authorities that would improve the continuity of remote access activities of central counterparty clearing houses (CCPs), according to its annual EU supervisory peer review report published on Tuesday 19 July.
In fact, some aspects of business continuity for remote access CCPs have not always been specifically assessed.
In most cases, this is because in many CCPs, remote working was already common practice or part of existing business continuity arrangements. In this context, telework has not introduced any major new risks that need to be reassessed.
However, the report points out that national competent authorities could better clarify how operational risks related to remote access are addressed when defining their risk-based approach.
Similarly, from a supervisory perspective, CCPs could better clarify the scope of risk-based penetration testing and how remote access risks are taken into account in such testing.
Read ESMA’s annual report: https://aeur.eu/f/2pq (Original version in French by Anne Damiani)