The CSSF has recently reiterated a key message for all supervised entities: if a major ICT-related incident occurs, it must be reported—promptly and without exception.
The Commission de Surveillance du Secteur Financier (CSSF) has issued two Circulars — CSSF 25/893 and CSSF 25/892 — that reinforce Luxembourg’s commitment to implementing the Digital Operational Resilience Act (DORA). These circulars provide a comprehensive regulatory framework for ICT-related incident classification and reporting, as well as for estimating the financial impact of such incidents. Branches in Luxembourg of financial entities whose head office is based in another EU Member State (EU branches) are expected to report major ICT-related incidents, significant cyber threats and their estimations to the competent authority of their home Member State under DORA. As such, they are excluded from the scope of these circulars.
The three European Supervisory Authorities (EBA, EIOPA, and ESMA, collectively known as the ESAs) have unveiled the second batch of policy products under the Digital Operational Resilience Act (DORA). This latest release comprises four final draft regulatory technical standards (RTS), one set of Implementing Technical Standards (ITS), and two guidelines, all designed to bolster the digital operational resilience of the European Union’s financial sector.
The CSSF and the CAA are authorised to impose administrative sanctions and measures for violations of specific articles of EU Regulation 2022/2554. These sanctions can be applied to both individuals and organisations, including directors and responsible persons within the entities.
As the deadline for compliance with Circular CSSF 24/847 on the ICT-related incident reporting framework rapidly approaches, financial institutions are facing mounting pressure to ensure their systems are up to standard. With the 1st of April deadline just around the corner, it's imperative for organisations to act swiftly to avoid potential penalties and reputational damage.
One of the main chapters of the 20/750 CSSF Circular is Logical Security (IAM/PAM). How can you comply with this point of the circular? Grant Thornton, in collaboration with Grabowsky, can assist you through advisory and solutions.
Meet our expert Jean-Hubert Antoine and implement the most relevant training initiatives, the most relevant security governance and insurance coverage.
Grant Thornton Luxembourg Technology Hub is proud to announce that its Blockchain as a Service infrastructure GTChain.net has been chosen by the European Blockchain Observatory and Forum to be one of the top 10 Blockchain initiatives in Luxembourg.
Grant Thornton Technology Hub is supporting the Blockchain Competence Centre of the European Commission to develop the European Financial Transparency Gateway project (EFTG).
Grant Thornton Luxembourg Technology Hub Services stem from the ambition to complement the current consulting offering for financial institutions with dedicated technology advisory services in domains such as Blockchain, Cybersecurity and Innovation.
Grant Thornton Luxembourg, as an IBM business partner, participated in the ICT Spring Europe on 15 and 16 May 2018. It was the second time that Grant Thornton took part in this event to present digital transformation, blockchain, and cloud services.
ICO (Initial Coin Offering) is a fundraising method in full ascendancy. Several billion dollars have already been invested since the beginning of 2017. What is this method, what are its risks and future implications?
Grant Thornton Luxembourg participated in the ICT Spring 2017. It was the first time that Grant Thornton joined this event to present its new initiatives and projects in the Fintech domain together with some of our clients such as Contoworks or Coinplus.
The Grant Thornton Luxembourg Technology Hub Services stem from the ambition to complement our current advisory services offering for financial institutions with focused services in domains such as Blockchain, Cybersecurity and Innovation.