Article 52 Digital Operational Resilience Act (DORA), Amendments To Regulation (EC) No 1060/2009

Article 52 of the Digital Operational Resilience Act (DORA) introduces significant amendments to Regulation (EC) No 1060/2009, which governs credit rating agencies (CRAs). This update is designed to enhance the operational resilience of CRAs by aligning their administrative and accounting procedures with the stringent requirements set forth in DORA.

Revised Administrative and Accounting Procedures

The amendment to Regulation (EC) No 1060/2009 replaces the existing language in Annex I, Section A, point 4. The revised text mandates that credit rating agencies must maintain sound administrative and accounting procedures. This change reflects a broader emphasis on ensuring that CRAs have robust systems in place to manage their financial and operational activities. The goal is to enhance the transparency, reliability, and integrity of financial information within these organizations.

Strengthened Internal Control Mechanisms

The updated regulation now requires CRAs to implement effective internal control mechanisms. This change underscores the importance of having robust internal controls to prevent and detect errors or fraud, ensure compliance with regulatory requirements, and safeguard the accuracy of credit ratings. Internal control mechanisms are crucial for maintaining the credibility and reliability of credit assessments, which directly impact financial markets and investor confidence.

Enhanced Procedures for Risk Assessment

In addition to internal controls, the amendment emphasizes the need for effective procedures for risk assessment. CRAs must develop and maintain comprehensive risk assessment procedures to identify, evaluate, and manage various risks that could affect their operations. This includes risks related to financial stability, operational disruptions, and technological vulnerabilities. By enhancing risk assessment practices, CRAs can better prepare for and mitigate potential threats to their operational resilience.

Improved ICT Systems Management

One of the most critical aspects of the amendment is the requirement for effective control and safeguard arrangements for managing Information and Communication Technology (ICT) systems. CRAs must align their ICT management practices with the provisions outlined in Regulation (EU) 2021/xx, which is part of the Digital Operational Resilience Act (DORA). This regulation sets forth specific requirements for ICT systems, including their security, reliability, and capacity to withstand and recover from disruptions.

The emphasis on ICT systems management reflects the growing importance of digital resilience in the financial sector. As CRAs increasingly rely on technology for their operations, it is essential to ensure that their ICT systems are robust and secure. This includes implementing measures to protect against cyber threats, ensuring system redundancy, and having effective recovery plans in place.

Implementation Timeline and Compliance

The revised provisions will come into effect as specified in Regulation (EU) 2021/xx, which will be published in the Official Journal of the European Union. Credit rating agencies will need to adapt their internal procedures and systems to comply with the new requirements within the timeline set forth in the regulation.

CRAs are encouraged to review and update their administrative, accounting, and ICT management practices to align with the amended regulation. This may involve enhancing their internal control frameworks, investing in advanced risk assessment tools, and strengthening their ICT infrastructure to meet the new standards.

Conclusion

The amendments introduced by Article 52 of the Digital Operational Resilience Act represent a significant step towards enhancing the operational resilience of credit rating agencies. By mandating sound administrative procedures, robust internal controls, comprehensive risk assessment, and effective ICT systems management, these changes aim to improve the reliability and stability of CRAs. As financial markets continue to evolve and become increasingly dependent on technology, ensuring the resilience of credit rating agencies is crucial for maintaining market integrity and investor confidence.