PensionsEurope welcomes the efforts of the EU to increase the digital operational resilience of the financial sector and we recognise the importance of enhancing knowledge sharing and cooperation across the EU. We agree with the importance of a sound governance and risk management system to prevent and limit the impact of ICT-related incidents, disruptions, and threats.
We recognise that the financial sector is not homogeneous: as also the EC has correctly noted, significant differences exist between various financial entities in terms of size, business profiles and in relation to their exposure to digital risk meaning that also the consequences from cyber risks and ICT-related incidents faced by various financial entities differ greatly from one entity to another.
PensionsEurope believes that it is crucial that the specificities of IORPs are better reflected in the DORA requirements and that IORPs could at least benefit from a more proportional treatment in this context, thus not jeopardizing the societal goal of IORPs to provide an adequate pension income for their members and beneficiaries.