Regulatory Technical Standards (RTS) are formal regulations that set out the technical and operational rules that organisations operating in specific sectors must comply with. In the European Union, these standards are developed by the European Supervisory Authorities (ESAs) and approved by the European Commission. RTSs provide detailed and technical rules within the scope of legal regulations.
Importance of RTS
RTSs are essential in areas such as harmonisation and standardisation, risk management, transparency and accountability, and technological neutrality and future-proofing. These standards increase operational harmonisation and standardisation by ensuring that all organisations in a given sector follow the same rules. This is especially vital in complex and wide-ranging industries.
RTSs provide detailed procedures and controls to help organisations effectively manage the risks they face. In critical areas such as Information and Communication Technologies (ICT) risk management, these standards increase organisations’ digital operational resilience. RTSs make the activities of industry players more transparent and increase their accountability to regulatory authorities. This increases market confidence and contributes to the stability of the financial system. Moreover, RTSs take a technology-neutral approach and do not depend on specific technologies. This keeps the regulations resilient to future technological developments.
Development and Implementation of RTS
The process of developing and implementing RTSs usually includes drafting, public consultation, evaluation of feedback, and approval and entry into force.
First, the European Supervisory Authorities (ESAs) draft the RTSs in line with a specific regulatory need. In this process, existing standards and best practices are taken into account. Then, the draft RTSs are made publicly available for feedback from relevant stakeholders. This consultation usually takes several months and is conducted with broad participation. The feedback from the public is analysed in detail and any changes deemed appropriate are reflected in the draft RTSs. Finally, the finalised draft RTSs are submitted to the European Commission and enter into force upon approval. RTSs are usually implemented on a specific date after their publication in the Official Journal of the European Union.
What are the differences between DORA and RTS?
DORA (Digital Operational Resilience Act) and RTS (Regulatory Technical Standards) are regulations that aim to increase digital operational resilience in the financial sector. Here are the differences between these two concepts:
DORA is a regulation that aims to strengthen digital operational resilience in the European Union financial sector.
DORA aims to strengthen financial institutions’ information and communication technology (ICT) and third-party risk management and incident reporting frameworks.
DORA contains technical standards and regulations to enable the financial sector to deal with digital risks.
RTS are regulatory technical standards published as part of DORA.
The RTS aim to harmonise tools, methods, processes and policies in the field of ICT risk management in the financial sector.
The RTS set out the key ICT risk management elements that financial institutions which are subject to the simplified regime and have lower scale, risk, size and complexity should have. This harmonises ICT risk management requirements across different financial sectors.
While DORA provides a general framework to enhance the digital operational resilience of the financial sector, the RTS include more specific and detailed regulations. You can contact us at info@cfecert.co.uk for further details or training on this subject.