On Thursday 9 November, the European Securities and Markets Authority (ESMA) announced that it would place cyber risks at the top of its list of Union Strategic Supervision Priorities (USSP) for market supervision.
By focusing on this aspect - in parallel with the work being done on environmental, social and governance criteria - ESMA wishes to monitor developments in markets and technologies and “watch for potential contagion effects of attacks and disruptions on markets and companies”.
The new USSP will come into force in 2025, at the same time as the ‘DORA’ regulation on the operational resilience of the financial sector to cyber risks (see EUROPE 13259/23). This timetable, says ESMA, will give “supervisors and companies in the Member States sufficient time to prepare to comply with the new regulatory requirements”.
The future USSP will be based in part on the work already carried out by ESMA and the national competent authorities, which have already “developed common data quality methodologies and data sharing frameworks”, worked on detecting surveillance problems and “carried out surveys and developed surveillance tools to extract more information from the reported data”. (Original version in French by Thomas Mangin)