HUNGARY Law and Practice Contributed by: Adam Liber and Tamás Bereczki, PROVARIS Varga & Partners
To further strengthen resilience and mitigate human risks, organisations may request back - ground checks for key personnel responsible for resilience. These checks confirm the individual’s identity and ensure they have a clean criminal record. Supporting Critical Organisations The framework for supporting critical organisa - tions aims to enhance their resilience by pro - viding resources, guidance, and collaboration opportunities. Key measures include the follow - ing: • development and dissemination of manuals, templates, and methodological tools, acces - sible via the central designation authority’s website; • sharing best practices for resilience measure - ment and testing, organising central training programmes and sector-specific workshops for CROs; • assigning advisers or creating advisory work - ing groups to assist critical organisations; • organising regular events to update organisa - tions on regulatory changes, case studies, and best practices, facilitated by the designa - tion authority and the CRO Advisory Commit - tee, with input from sectoral authorities; • offering expedited administrative processes and, where necessary and justified by public interest, financial aid for resilience develop - ment; and • encouraging voluntary information sharing among critical organisations and publishing scientific research to support knowledge dis - semination. Additionally, the registry authority may verify the critical status of organisations, critical roles, and essential resources to facilitate access to sup - port measures. If necessary and justified by pub -
lic interest, financial support may be provided to enhance the resilience of critical organisations.
3. Financial Sector Operational Resilience Regulation 3.1 Scope of Financial Sector Operational Resilience Regulation Act X of 2024 on the Harmonisation Amend - ments to Laws Affecting the Financial Inter - mediary System (“DORA Implementation Act”) implemented DORA into Hungarian law. The implementation act greatly broadened the mate - rial scope of the application of DORA in Hungary to include all financial enterprises, insurance companies, payment service providers, stock exchanges and investment fund managers. Most enterprises must comply with the simpli - fied framework, except for banks, institutions that operate payment systems, are under con - solidated supervision, or subject to equivalent prudential regulations, which must adhere to the full framework. 3.2 ICT Service Provider Contractual Requirements The supervisory authority issued guidance on public cloud services in 2019 (MNB Guidance 4/2019 (IV. 1.)), which remains in effect until revoked. This guidance requires all financial enterprises to conduct a preliminary risk assess - ment and prepare an exit strategy before enter - ing into contracts with any public cloud service providers. Additionally, the use of cloud services must be reported to the MNB. It is expected that the MNB will align its prac - tices with those of the ESAs regarding the use of cloud service providers, particularly in assess -
108 CHAMBERS.COM
Powered by FlippingBook