The UK Financial Conduct Authority (FCA) on October 31, 2024 published observations and key lessons from how firms responded to the CrowdStrike IT outage. The outage caused disruption across several industries globally, and the FCA highlights for UK financial services the importance of ensuring operational resilience in order to minimize the potential impact of future events on consumers and markets.
Tech & Sourcing @ Morgan Lewis
TECHNOLOGY TRANSACTIONS, OUTSOURCING, AND COMMERCIAL CONTRACTS NEWS FOR LAWYERS AND SOURCING PROFESSIONALS
We invite you to join us for our next installment of the Morgan Lewis Automotive Hour Webinar series.
An essential feature for customers in outsourcing software licensing and arrangements is the provision of robust protection against any software that could embed and distribute malware. To address these concerns, the inclusion of a no-virus warranty has become a common expectation on customers’ side.
According to OECD data, by 2020 digital trade represented 25% of global trade, amounting to just under $5 trillion. Digitalization of economy is on the agenda for many national governments as they come to appreciate the transformative power of technology in reducing transactional expenses and improving the competitiveness of their economies.
On October 30, Morgan Lewis will be hosting the annual Tech & Sourcing Summit in New York. This full-day event will bring together our lawyers and industry leaders and conclude with a keynote speech by best-selling author and renowned futurist Dr. Daniel Susskind and a networking reception.
In our latest blog post on preparing for the EU’s Digital Operational Resilience Act (DORA), entering into force on January 17, 2025, we take a look at second-level requirements under DORA covering the classification and reporting of major information and communications technology (ICT) related incidents. These requirements will need to be addressed through operational risk management frameworks and contract remediation efforts with technology vendors.
Beginning January 17, 2025, financial entities based in the European Union must have in place processes and policies, and mandatory contract provisions with their third-party technology vendors, that comply with the EU Digital Operational Resilience Act (DORA).
The widespread technology outage on July 19, 2024 highlighted major potential issues that can arise when service providers rely on technology to provide critical services. The effects of the outage were felt by critical service providers across numerous industries, including airlines, banks, public transit, healthcare, and media. Because we live in a world that is increasingly reliant on technology, if a critical piece of technology fails or introduces a flaw to a system that relies on that particular technology, it can have extreme consequences, as many experienced on July 19.
Starting January 17, 2025, financial entities based in the European Union must have in place processes and policies, as well as mandatory contract provisions with their third-party technology vendors, that comply with the EU’s Digital Operational Resilience Act (DORA). Financial entities are currently at varying stages of updating their operational risk management frameworks and remediating contracts with technology vendors. For banks, the European Central Bank has signaled that resiliency will be a top priority on its supervisory agenda.
Beginning January 17, 2025, the European Union’s Digital Operational Resilience Act (DORA) will require financial entities to maintain and submit to EU regulators a comprehensive register of their contractual arrangements with third-party information and communication technology (ICT) service providers. Financial entities are being given the opportunity to sign up for a voluntary reporting exercise by May 31, 2024, running between July and August 2024, to help them prepare for one of the most challenging aspects of implementing DORA.