Recital 5 Flexibility in provisions for non-compliance consequences

To ensure flexibility and to simplify the financial entities’ control framework, financial entities should not be required to develop specific provisions on the consequences of non-compliance with ICT security policies, procedures and protocols referred to in Title II, Chapter I of this Regulation where such provisions are already set out in another policy or procedure.