In a discussion at the Assembly of the Republic, the Secretary of State for the Treasury and Finance stated that the proposed law ensuring the implementation of European legal acts into national regulations concerning the digital operational resilience of the financial sector is a “decisive step in defending the integrity, continuity, and credibility of financial infrastructures.”
João Silva Lopes reiterated that these measures are equipping financial entities with more robust tools to prevent, withstand, and respond to technological incidents and cyberattacks, as well as “reinforcing supervision over risks associated with information technologies and guaranteeing increased protection for consumers, investors, and the economy itself.”
“In a context where the digitalization of the financial system is irreversible and threats are increasingly sophisticated,” he noted, the State “must ensure security and protection conditions for institutions, businesses, and citizens.”
This European regulation and directive are “fundamental instruments of the European Union to strengthen the operational resilience of the financial sector,” he argued.
The aim is “to ensure that all financial sector entities are prepared to prevent and respond to incidents related to information technologies such as cyberattacks, system failures, technological interruptions, and others that may jeopardize financial stability and citizen confidence in the financial system.”
Thus, this regulation creates a “harmonized framework at the European level, applicable to all financial entities, avoiding fragmented responses among member states,” and also ensures the “strengthening of the internal market’s functioning,” he pointed out.
The Secretary of State highlighted some measures, notably identifying supervision as carried out by the Bank of Portugal, the Insurance and Pension Funds Supervisory Authority (ASF), and the Securities Market Commission (CMVM), “ensuring the effective, coordinated, and safe implementation of the new rules.”
This proposal also has a “national scope, extending the regime to insurance companies, reinsurance companies, and pension fund managing entities,” he added.
Upon being questioned about this regulatory application extension, the Secretary of State explained that “it is a matter of coherence.”
“We wanted to ensure full alignment so that entities would be covered by this regime and directive,” he pointed out.
“Anything that can contribute to increasing consumer confidence perception is positive,” he considered.
João Silva Lopes also mentioned that the government faced an “arduous task of recovering the legacy of regulations that need to be executed and directives transposed,” highlighting that a dozen directives have already been transposed.
The proposal was approved today in a final global vote in the plenary, with abstentions from IL and PCP and favorable votes from the other parties.
The subject matter is the DORA regulation [Digital Operational Resilience Act], published on December 27, 2022, establishing uniform rules in the EU related to risk management capabilities associated with information technologies, incident notification, resilience testing, and risk monitoring associated with service providers.
