MFSA issues Consultation on National Implementation of DORA

MFSA issues Consultation on National Implementation of DORA

The Malta Financial Services Authority (MFSA) is seeking feedback from Authorised Persons and other interested stakeholders on the proposed legal measures to implement and transpose Regulation (EU) 2022/2554 on digital operational resilience for the financial sector (“the DORA Regulation”). 

DORA aims to enhance the cyber security and resilience of the network and information systems that support the business processes of financial entities, and to establish a European-level oversight framework for critical ICT third-party service providers. The proposed legal measures include the implementation of the DORA Regulation through secondary legislation, tentatively named the Digital Operational Resilience Act (DORA) Regulations, 2023, by issuing a Legal Notice under the Malta Financial Services Authority Act (Cap. 330 of the Laws of Malta), including amendments to various primary and secondary laws, as well as the MFSA’s rules, covering different sectors such as banking, investment services, insurance, pensions, and payment services. 

Key Implementation Measures 
  • Scope and Applicability: The DORA Regulations apply to entities specified in Article 2(1) of the DORA Regulation, excluding those in Article 2(3). Exemptions extend to the Malta Development Bank as per Article 2(3) point 4
  • Competent Authority: The MFSA is designated as the competent authority, responsible for overseeing DORA Regulations and the DORA Regulation itself. 
  • Reporting and Oversight: The MFSA is proposed to receive reports on major ICT-related incidents and voluntary notifications of significant cyber threats. It will also contribute with a high-level representative to the Oversight Forum for Critical ICT Third Party Service Providers.
  • Cooperation and Exchange of Information: The Authority is empowered to transmit reports to the ECB, the national CSIRT, and other relevant bodies. Further, it can impose administrative penalties and measures for breaches. 
  • Transposition Measures: Specific amendments are proposed for various financial sectors, including financial institutions, credit institutions, regulated markets, investment service providers, insurance, pensions, and resolution-related entities. 


Consultation Period 

Stakeholders and authorised persons are invited to provide feedback on the proposed legal measures by February 16, 2024. The MFSA has emphasised once again the significance of aligning with the DORA Regulation to ensure digital operational resilience across the financial sector.  


BDO Malta: Your Partner for DORA Compliance 

The European Union has set January 17th, 2025 as the deadline to achieve DORA compliance. While this might seem a distant target, in fact achieving DORA compliance is a very complex and challenging task which requires a concerted effort by the in-scope financial entities. At BDO Malta, we understand the profound impact that the journey towards DORA compliance has on such organisations. Our team of regulatory and compliance technical experts is dedicated to helping your company navigate this complex environment. Our comprehensive range of services includes: 

  • Board and Management Training on DORA;
  • Expert guidance on DORA compliance
  • Performing gap analyses;
  • Conducting risk assessments;
  • Developing and implementing incident management and business continuity plans;
  • Providing continuous support and monitoring.

Want to know more?
Get in touch