The ESAs and UK financial regulators sign MoU
19 January 2026 Europe
Image: Екатерина_Чумаченко/stock.adobe.com
The European Supervisory Authorities (ESA), EBA, EIOPA, and ESMA (the ESAs) have signed a Memorandum of Understanding (MoU) with the Bank of England (BoE), the Prudential Regulation Authority (PRA), and the Financial Conduct Authority (FCA).
This agreement furthers the cooperation between the authorities to oversee ICT third-party service providers (CTPPs) as required by the Digital Operational Resilience Act (DORA).
The MoU establishes clear principles and procedures for cooperation, information sharing, and coordination of oversight activities between the relevant authorities responsible for EU CTPPs/UK CTPs oversight.
It aims to improve third-party risk management and contribute to the overall operational resilience of the financial sector in the EU and UK through strong cross-border cooperation.
The agreement has been prepared in alignment with DORA Articles 36, 44, and 49, which cover the ESAs’ oversight powers, international cooperation, and financial cross-sector exercises, communication and cooperation.
​To exchange information with a third-country authority, the ESAs must ensure that the confidentiality and professional secrecy regime in the third country is equivalent to that in the EU.
Therefore, before signing this MoU, the ESAs conducted an assessment that confirmed the UK confidentiality and professional secrecy regime’s equivalence with that in DORA.
The DORA act establishes a comprehensive framework to ensure the digital operational resilience of financial entities within the European Union.
This Regulation sets out requirements for financial entities with regards to the management of information and communication technology (ICT) risks, incident reporting, and third-party risk management, to safeguard the financial sector against cyber threats and ICT disruptions.
This agreement furthers the cooperation between the authorities to oversee ICT third-party service providers (CTPPs) as required by the Digital Operational Resilience Act (DORA).
The MoU establishes clear principles and procedures for cooperation, information sharing, and coordination of oversight activities between the relevant authorities responsible for EU CTPPs/UK CTPs oversight.
It aims to improve third-party risk management and contribute to the overall operational resilience of the financial sector in the EU and UK through strong cross-border cooperation.
The agreement has been prepared in alignment with DORA Articles 36, 44, and 49, which cover the ESAs’ oversight powers, international cooperation, and financial cross-sector exercises, communication and cooperation.
​To exchange information with a third-country authority, the ESAs must ensure that the confidentiality and professional secrecy regime in the third country is equivalent to that in the EU.
Therefore, before signing this MoU, the ESAs conducted an assessment that confirmed the UK confidentiality and professional secrecy regime’s equivalence with that in DORA.
The DORA act establishes a comprehensive framework to ensure the digital operational resilience of financial entities within the European Union.
This Regulation sets out requirements for financial entities with regards to the management of information and communication technology (ICT) risks, incident reporting, and third-party risk management, to safeguard the financial sector against cyber threats and ICT disruptions.
NO FEE, NO RISK
100% ON RETURNS If you invest in only one securities finance news source this year, make sure it is your free subscription to Securities Â鶹ӰÊÓ´«Ã½ Times
100% ON RETURNS If you invest in only one securities finance news source this year, make sure it is your free subscription to Securities Â鶹ӰÊÓ´«Ã½ Times
