MFSA Issues Guidance on Register of Information Submission Under DORA
MFSA Issues Guidance on Register of Information Submission Under DORA
The Malta Financial Services Authority (MFSA) has issued a circular providing further details on the Register of Information (RoI) submission process under Regulation (EU) 2022/2554 on Digital Operational Resilience for the Financial Sector (DORA).
This follows a previous circular from January 2025, which outlined the reporting timelines and enforcement measures related to RoI requirements.
RoI Submission Deadline: 1 - 8 April 2025
The MFSA reminds all Authorised Persons within the scope of DORA that they are required to submit their Register of Information (RoI) to the Authority between 1 April 2025 and 8 April 2025 (both dates inclusive). This applies to all entities authorised by the MFSA on or before 31 March 2025.Entities authorised after 31 March 2025 will not be included in the 2025 RoI reporting exercise but must still maintain an RoI and provide it to the MFSA upon request.
Failure to submit the RoI within the specified timeframe may result in regulatory action under DORA, Legal Notice 166 of 2024, and the MFSA Act.
Accessing the RoI Submission Platform
The MFSA has updated its website with a new ‘ICT Third-Party Risk’ section, which provides:
- An overview of RoI regulatory obligations under DORA.
- A User Guide on how to submit the RoI via the LH Portal.
- A set of frequently asked questions (FAQs) compiled by the European Supervisory Authorities (ESAs) and the MFSA.
Entities must submit their RoI via the LH Portal. Compliance Officers with an existing LH Portal account have automatic access to the RoI submission system. If access is required for another individual within the organisation, this must be arranged through the LH Portal system.
Additional DORA Resources from the EBA and ECB
The European Banking Authority (EBA) has published resources on DORA preparedness, which include:
- Templates and files required to create an RoI.
- Validation rules for RoI submissions.
- FAQs on the reporting requirements from 2025 onwards.
For Significant Institutions (SIs), the European Central Bank (ECB) ensures compliance with Article 28(3) of DORA and Commission Implementing Regulation (EU) 2024/2956 (DORA ITS). The ECB will provide further guidance on RoI submissions for credit institutions classified as significant under Article 6(4) of Regulation (EU) No 1024/2013.
Action Points for Authorised Entities
- Submit the RoI between 1 April and 8 April 2025 to remain compliant.
- Verify access to the LH Portal and ensure the correct individuals have the necessary permissions.
- Refer to MFSA, EBA, and ECB resources for guidance on submission requirements.
