§ DORA · Article 61
DORA Article 61: Obligations, Deadlines & Penalties
At a glance
Article 61 of the DORA imposes 10 obligations on CSD, ESMA. At least one obligation carries an explicit compliance deadline.
§ Obligations
All obligations under Article 61
Obligation 1
A CSD shall identify sources of operational risk, both internal and external, and minimise their impact through the deployment of appropriate ICT tools, processes and policies set up and managed in accordance with Regulation (EU) 2022/2554.
Regulation (EU) 2022/2554, Article 61, Article 61
- Obligated entity
-
CSD
- Sector scope
- Central Securities Depositories
- Action required
-
identify
- Deadline
-
—
- Penalty
-
—
Obligation 2
A CSD shall minimise the impact of operational risks through any other relevant appropriate tools, controls and procedures for other types of operational risk, including for all the securities settlement systems it operates.
Regulation (EU) 2022/2554, Article 61, Article 61
- Obligated entity
-
CSD
- Sector scope
- Central Securities Depositories
- Action required
-
minimise
- Deadline
-
—
- Penalty
-
—
Obligation 3
For services that it provides as well as for each securities settlement system that it operates, a CSD shall establish, implement and maintain an adequate business continuity policy and disaster recovery plan, including ICT business continuity policy and ICT response and recovery plans established in accordance with Regulation (EU) 2022/2554.
Regulation (EU) 2022/2554, Article 61, Article 61
- Obligated entity
-
CSD
- Sector scope
- Central Securities Depositories
- Action required
-
establish
- Deadline
-
—
- Penalty
-
—
Obligation 4
The business continuity policy and disaster recovery plan shall ensure the preservation of services, the timely recovery of operations and the fulfilment of the CSD’s obligations in the case of events that pose a significant risk to disrupting operations.
Regulation (EU) 2022/2554, Article 61, Article 61
- Obligated entity
-
CSD
- Sector scope
- Central Securities Depositories
- Action required
-
ensure
- Deadline
-
—
- Penalty
-
—
Obligation 5
The plan referred to in paragraph 3 shall provide for the recovery of all transactions and participants’ positions at the time of disruption to allow the participants of a CSD to continue to operate with certainty and to complete settlement on the scheduled date.
Regulation (EU) 2022/2554, Article 61, Article 61
- Obligated entity
-
CSD
- Sector scope
- Central Securities Depositories
- Action required
-
provide
- Deadline
-
—
- Penalty
-
—
Obligation 6
The plan shall ensure that critical IT systems can resume operations from the time of disruption as provided for in Article 12(5) and (7) of Regulation (EU) 2022/2554.
Regulation (EU) 2022/2554, Article 61, Article 61
- Obligated entity
-
CSD
- Sector scope
- Central Securities Depositories
- Action required
-
ensure
- Deadline
-
—
- Penalty
-
—
Obligation 7
A CSD shall identify, monitor and manage the risks that key participants in the securities settlement systems it operates, as well as service and utility providers, and other CSDs or other market infrastructures might pose to its operations.
Regulation (EU) 2022/2554, Article 61, Article 61
- Obligated entity
-
CSD
- Sector scope
- Central Securities Depositories
- Action required
-
identify
- Deadline
-
—
- Penalty
-
—
Obligation 8
A CSD shall, upon request, provide competent and relevant authorities with information on any such risk identified.
Regulation (EU) 2022/2554, Article 61, Article 61
- Obligated entity
-
CSD
- Sector scope
- Central Securities Depositories
- Action required
-
provide
- Deadline
-
upon request
- Penalty
-
—
Obligation 9
A CSD shall inform the competent authority and relevant authorities without delay of any operational incidents, other than in relation to ICT risk, resulting from such risks.
Regulation (EU) 2022/2554, Article 61, Article 61
- Obligated entity
-
CSD
- Sector scope
- Central Securities Depositories
- Action required
-
inform
- Deadline
-
without delay
- Penalty
-
—
Obligation 10
ESMA shall, in close cooperation with the members of the ESCB, develop draft regulatory technical standards to specify the operational risks referred to in paragraphs 1 and 6, other than ICT risk, and the methods to test, to address or to minimise those risks.
Regulation (EU) 2022/2554, Article 61, Article 61
- Obligated entity
-
ESMA
- Sector scope
- Financial Sector Supervision
- Action required
-
develop
- Deadline
-
—
- Penalty
-
—
§ Frequently asked
Questions about Article 61
Who must comply with Article 61 of the DORA?
+
CSD, ESMA.
What does Article 61 of the DORA require?
+
identify minimise establish
What is the compliance deadline for DORA Article 61?
+
upon request; without delay