My favourites

Chapter IX – Transitional and final provisions (Art. 58-64)

Art. 58 DORA - Review clause arrow_right_alt

Art. 59 DORA - Amendments to Regulation (EC) No 1060/2009 arrow_right_alt

Regulation (EC) No 1060/2009 is amended as follows:

  1. in Annex I, Section A, point 4, the first subparagraph is replaced by the following:

‘A credit rating agency shall have sound administrative and accounting procedures, internal control mechanisms, effective procedures for risk assessment, and effective control and safeguard arrangements for managing ICT systems in accordance with Regulation (EU) 2022/2554 of the European Parliament and of the Council (*1).

(*1) Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (OJ L 333, 27.12.2022, p. 1).’;”

  1. in Annex III, point 12 is replaced by the following:

‘12.  The credit rating agency infringes Article 6(2), in conjunction with point 4 of Section A of Annex I, by not having sound administrative or accounting procedures, internal control mechanisms, effective procedures for risk assessment, or effective control or safeguard arrangements for managing ICT systems in accordance with Regulation (EU) 2022/2554; or by not implementing or maintaining decision-making procedures or organisational structures as required by that point.’.

Related
Close tabsclose
  • 102

Recital 102

Since this Regulation, together with Directive (EU) 2022/2556 of the European Parliament and of the Council (1), entails a consolidation of the ICT risk management provisions across multiple regulations and directives of the Union’s financial services acquis, including Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014 and (EU) No 909/2014, and Regulation (EU) 2016/1011 of the European Parliament and of the Council (2), in order to ensure full consistency, those Regulations should be amended to clarify that the applicable ICT risk-related provisions are laid down in this Regulation.


(1) Directive (EU) 2022/2556 of the European Parliament and of the Council of 14 December 2022 amending Directives 2009/65/EC, 2009/138/EC, 2011/61/EU, 2013/36/EU, 2014/59/EU, 2014/65/EU, (EU) 2015/2366 and (EU) 2016/2341 as regards digital operational resilience for the financial sector (see page 153 of this Official Journal).
(2) Regulation (EU) 2016/1011 of the European Parliament and of the Council of 8 June 2016 on indices used as benchmarks in financial instruments and financial contracts or to measure the performance of investment funds and amending Directives 2008/48/EC and 2014/17/EU and Regulation (EU) No 596/2014 (OJ L 171, 29.6.2016, p. 1).

Art. 60 DORA - Amendments to Regulation (EU) No 648/2012 arrow_right_alt

Art. 61 DORA - Amendments to Regulation (EU) No 909/2014 arrow_right_alt

Art. 62 DORA - Amendments to Regulation (EU) No 600/2014 arrow_right_alt

Art. 63 DORA - Amendment to Regulation (EU) 2016/1011 arrow_right_alt

Art. 64 DORA - Entry into force and application arrow_right_alt