Source: OJ L, 2024/1772, 25.6.2024Current language: EN
- Digital operational resilience in the financial sector
ICT-related incidents
- RTS on incident classification
Article 1 Clients, financial counterparts and transactions
Summary What does Article 1 of the RTS on incident classification say?
This article directly supports Article 18(1)(a) of DORA by specifying how financial entities should measure the client, financial counterpart, and transaction dimensions of an ICT incident.
It defines the scope of who and what counts as "affected" for reporting purposes, covering clients of all types, contracted financial counterparts, and Union-based transactions.
Notably, it also provides a fallback mechanism for situations where exact figures are unavailable.
Important points:
- Count all affected clients, including third-party beneficiaries named in contractual agreements, and all financial counterparts with a contractual arrangement in place.
- Include all affected transactions where at least one part of the transaction was carried out in the Union.
- Where exact figures cannot be determined, estimate the numbers or amounts using data from comparable reference periods.
Springlex's summary of the article, a reading aid, not a substitute for the legal text.
The number of clients affected by the incident as referred to in Article 18(1), point (a), of Regulation (EU) 2022/2554, shall reflect the number of all affected clients, whether natural or legal persons, that are or were unable to make use of the service provided by the financial entity during the incident or that were adversely impacted by the incident. That number shall also include third parties explicitly covered by the contractual agreement between the financial entity and the client as beneficiaries of the affected service.
The number of financial counterparts affected by the incident as referred to in Article 18(1), point (a), of Regulation (EU) 2022/2554 shall reflect the number of all affected financial counterparts that have concluded a contractual arrangement with the financial entity.
In relation to the relevance of clients and financial counterparts affected by the incident as referred to in Article 18(1), point (a), of Regulation (EU) 2022/2554, the financial entity shall take into account the extent to which the impact on a client or a financial counterpart will affect the implementation of the business objectives of the financial entity, as well as the potential impact of the incident on market efficiency.
In relation to the amount or number of transactions affected by the incident as referred to in Article 18(1), point (a), of Regulation (EU) 2022/2554, the financial entity shall take into account all affected transactions involving a monetary amount where at least one part of the transaction is carried out in the Union.
Where the actual number of clients or financial counterparts affected or the actual number or amount of transactions affected cannot be determined, the financial entity shall estimate those numbers or amounts based on available data from comparable reference periods.
Relevant recitals
Recital 4 Meaning of transactions
With regard to the classification criterion ‘amount and number of transactions affected’, the notion of transactions is broad and covers different activities and services across the sectorial acts applicable to financial entities. For the purposes of that classification criterion, payment transactions and all forms of exchange of financial instruments, crypto-assets, commodities, or any other assets, also in form of margin, collateral or pledge, both against cash and against any other asset, should be covered. All transactions that involve assets whose value can be expressed in a monetary amount should be considered for classification purposes.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.