DORA in Poland: Updated powers of the Polish Financial Supervision Authority
- Admin
- Sep 17, 2024
Updated: Oct 9, 2024
The draft Act on amending certain laws in connection with ensuring operational digital resilience of the financial sector, implementing the DORA Regulation, will establish several important changes that broaden the scope of supervision of financial entities.
Key Points:
First and foremost, the Financial Supervision Authority (KNF) will be given the authority to supervise whether the activities of the financial entities identified in Article 5(6) of the draft act comply with the provisions of the DORA Regulation on the operational digital resilience of the financial sector. In this respect, supervisory activities will primarily concern the categories of payment institutions, banks, brokerage houses, or investment fund companies indicated in the draft.
What should supervised entities prepare for in particular?
1. The KNF will be given the authority to conduct inspections within the broadened scope relating to DORA.
2. Financial entities will be required to provide the KNF at least once a year with information on the number of new arrangements for the use of ICT services, the categories of third-party providers of ICT services, the type of contractual arrangements, and the ICT services provided and functions supported.
3. Financial entities will be required to inform the KNF in a timely manner of any planned contractual arrangements for the use of ICT services supporting critical or essential functions, and of any function that has become critical or essential.
4. Entities selected by the KNF because of, among other things, a specific ICT risk profile or a particular impact on the financial sector will be required to conduct threat-led penetration tests at least every three years, and then report the results of the tests to the KNF for approval.
In Summary:
The provisions of the amending law grant the KNF new powers to ensure that designated financial entities comply with the digital resilience standards set by DORA.
