FRANCE Law and Practice Contributed by: Damien Luqué, Martin Jarrige de la Sizeranne and Sacha Tartarin, Lacourte Raquin Tatar
EU Requirements Within the EU, the EU action plan on sustainable finance, released on 8 March 2018, aimed at proposing an EU strategy on sustainable finance in order to meet the Paris Agreement’s require - ments. Such action plan has led to the following regulations applicable to credit institutions: • Regulation No 2019/2088 of 27 November 2019 on sustainability‐related disclosures in the financial services sector (the “Sustainable Finance Disclosure Regulation” – SFDR); • Regulation No 2020/852 of 18 June 2020 on the establishment of a framework to facilitate sustainable investment (the “Taxonomy”); and • Directive No 2022/2464 of 14 December 2022 on corporate sustainability reporting (the “Corporate Sustainability Reporting Directive” – CSRD). EU legislation requires financial institutions to publish an annual extra-financial performance statement and to take into account their clients’ objectives regarding sustainability while provid - ing investment advice to such clients. International Banking Industry’s Initiatives From an international perspective, leading French credit institutions are members of the Net-Zero Banking Alliance, an international ini - tiative that brings together many credit institu - tions committed to aligning their lending, invest - ment, and capital markets activities with net-zero greenhouse gas emissions by 2050.
also their employees, service providers, as well as suppliers, and are more and more dependent on information and communication technologies (ICT). For those reasons, credit institutions are highly exposed to the risk of cyber-attacks. EU Requirements In order to mitigate such risks, EU Regulation No 2022/2554 and EU Directive No 2022/2556 of 14 December 2022 on digital operational resilience for the financial sector (the “Digital Operational Resilience Act” – DORA) aims to establish a har - monised framework for managing ICT risks. DORA’s framework is based on five pillars: • ICT risk management; • ICT-related incident management, classifica - tion and reporting; • digital operational resilience testing; • managing of ICT third-party risks; and • information-sharing arrangements. The entry into application of DORA will obviously have a massive impact on credit institutions, as it would require a global redesign of their con - tracts entered into with ICT service providers in order to ensure their compliance with the con - tractual obligations set out by DORA, as well as the implementation of digital operational resil - ience tests. EU Regulation 2022/2554 comes into applica - tion on 17 January 2025 and Directive 2022/2556 must be implemented by the member states by 17 January 2025. National Requirements National requirements on ICT risk manage - ment are currently provided for in the Order of
10. DORA 10.1 DORA Requirements
In the conduct of their activities, credit institu - tions usually deal with a large quantity of sensi - tive data, mainly concerning their customers, but
202 CHAMBERS.COM
Powered by FlippingBook