Month: October 2024
DORA Check
By Renate Prinz on 31. October, 2024
Digital threats and cyberattacks are increasing every year. In 2023, digital threats caused damages of more than €200 billion in Germany, of which 72% resulted from cyberattacks (source: Bitkom, study on economic protection 2023). To counter the threat to the system-critical financial sector, the EU has decided to implement a uniform, high level of security. The Digital Operational Resilience Act (DORA) is the answer.
The regulation on digital operational resilience is intended to reduce the risks arising from the ever-increasing dependence on information and communication technology in the financial sector. In particular, DORA is expected to reduce the risk of severe operational disruption arising from digital threats and cyberattacks, by focusing on the entire value chain. Notably, DORA subjects IT service providers to direct financial supervision – for the first time. DORA will apply to companies in the financial sector and their IT service providers from January 17, 2025. It’s crucial for every company to check whether DORA applies to them and what measures need to be taken now, including reviewing outsourcing contracts for DORA compliance and internal IT infrastructure.
McDermott developed DORA Check to give users a first overview of the regulation and keep them informed about the legal essentials of DORA.
DORA takes effect: Digital resilience and cybersecurity in the EU
By Renate Prinz on 29. October, 2024
McDermott Will & Emery’s financial regulatory partner Renate Prinz authored an article in Finextra that explored what DORA (the EU’s Digital Operational Resilience Act) entails, what its contents and objectives are, and what relevant companies need to do now to be DORA compliant next year. Here you can read the full article.
ZuFinG II – The Next Step Towards Strengthening Germany as a Financial Hub?
By Annabelle Rau on 10. October, 2024
Posted In Banking Law, Crypto Regulation, Financial Services, Payment Services
Following the initial steps with the Future Financing Act (“ZuFinG I”), the Federal Ministry of Finance presented the draft of the Second Future Financing Act (“ZuFinG II-E” and “Draft Bill”) on 27 August 2024. The Draft Bill aims to further develop the German financial market and revise some of the existing regulations. The primary focus is on facilitating access to the capital markets and relieving financial actors from excessive bureaucracy.
New Regulations for Payment Service Providers Regarding Customer Funds
Payment service providers are required to safeguard customer funds they receive according to the methods outlined in the German Payment Services Supervision Act (Zahlungsdiensteaufsichtsgesetz – ZAG). This can be done, for example, through an escrow account with a credit institution, as well as through insurance or a guarantee. ZuFinG II-E now introduces an additional provision, allowing customer funds to be deposited with the Deutsche Bundesbank or any other central bank of an EU member state. This gives payment service providers another option for safeguarding customer funds compliant with insolvency law.
To protect customers, the Draft Bill further proposes explicit regulations, whereby the received funds will be legally protected if they are held in a segregated account. Until now, this protection was based only on general, non-codified rules for escrow accounts. Payment service providers will likely need to review and potentially adapt their processes in light of the new regulations. However, these amendments also provide greater flexibility by offering an additional method for safeguarding funds. Furthermore, customer protection is enhanced through the explicit provisions, leading to increased legal certainty for payment service providers as well.
Loosening Employment Protection for High Earners in the Financial Sector
The conditions for high earners in the financial sector are set to become more flexible. ZuFinG II-E proposes loosening employment protection for individuals with very high incomes in the financial sector. This includes employees whose annual fixed remuneration exceeds three times the contribution assessment threshold for general pension insurance (Section 159 of the German Social Code VI) and who are not managing directors, plant managers or similar senior executives.
Specifically, high earners who are risk-takers will be treated similarly to executive employees in terms of employment protection. This means, for example, that the employer may submit an application for termination of the employment agreement in return for severance pay, which does not require any substantiation.
Such a regulation already exists under current rules for risk-takers at significant credit institutions. The limitation to significant institutions will now be lifted and extended to include securities institutions, asset management companies, and insurance companies, among others.
Further Measures to Reduce Bureaucracy: Less Effort, More Efficiency
Additionally, ZuFinG II-E seeks to further promote the reduction of bureaucracy in financial supervision through the following measures:
- Simplifying cross-border services: The Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht – “BaFin”) will no longer be required to substantively review the notification of cross-border services provided by German investment firms. Instead, BaFin will simply forward the notifications to the competent authority in the host member state without a detailed examination.
- Higher threshold for large exposures: The reporting threshold for large exposures and loans will be raised from EUR 1 million to EUR 2 million.
- Facilitations for crowdfunding: An amendment to the German Asset Investment Act (Vermögensanlagegesetz – VermAnlG) will extend the prospectus exemption for crowdfunding offerings to also cover offers of cooperative shares.
- Removal of the list for crypto securities:
  - Under ZuFinG I, the requirement to publish entries of crypto securities in the German Federal Gazette was abolished to reduce the bureaucratic burden and costs for issuers.
  - According to the Draft Bill, the public list of crypto securities maintained by BaFin will also be abolished to save costs and reduce the effort required by BaFin to maintain the list and by issuers to submit notifications.
- Removal of the Employee and Complaints Register (Mitarbeiter- und Beschwerderegisters – “MBR”) at BaFin:
  - The obligation for institutions to notify BaFin of their investment advisors, sales representatives, and compliance officers, as well as to report complaints to the MBR, will be removed, which will reduce the administrative burden on both institutions and BaFin.
  - The obligation for institutions to only employ competent and reliable staff for the relevant tasks remains unchanged and is unaffected by the abolition of the MBR.
Looking Ahead: What’s Next?
The Draft Bill is still in the legislative process and is expected to undergo several amendments. However, financial sector participants can already consider how they might adapt their internal processes to comply with the upcoming regulations. In particular, the proposed bureaucratic relief and enhanced options for safeguarding customer funds present attractive opportunities for more efficient and flexible business practices.