Joint examination teams

Preamble (Recitals 1 – 10)

Recitals

Article 1

Tasks of the members of a joint examination team

Article 2

Establishment of a joint examination team

Article 3

Members of the joint examination team

Article 4

Renewal of the membership in the joint examination team

Article 5

Working arrangements of the members of the joint examination team

Article 6

Entry into force

JET Recitals

Recital 1

The oversight framework established by Regulation (EU) 2022/2554 should be built on a structured and continuous cooperation between the European Supervisory Authorities (ESAsEuropean Supervisory Authority) and the competent authoritiesas defined in Article 46 through the Oversight Foruma sub-committee of the Joint Committee for the purposes of supporting the work of the Joint Committee and of the Lead Overseer in the area of ICT third-party risk across financial sectors and the joint examination teams.

Recital 2

After the designation of the critical information and communication technology (ICT) third-party service providers and taking into account the annual oversight plans for all critical ICT third-party service providersmeans an ICT third-party service provider designated as critical in accordance with Article 31;, the authorities listed in Article 40(2) of Regulation (EU) 2022/2554 should be asked to nominate their staff as member of the joint examination teams. These authorities should ensure that the nominated staff meet the specific technical expertise required in the profiles needed in the joint examination teams. The demonstration that an authority does not have staff meeting the specific technical expertise needed in the joint examination teams should be considered by the Lead Overseermeans the European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation; as justification to discharge, at that point in time, the authorities of their obligation to nominate staff members to the joint examination teams. In that case, the authority should nevertheless commit on the best effort basis to address this shortfall of expertise and try to reinforce its capabilities to contribute to the joint examination teams in the context of the next exercise. The staff members designated as members of a joint examination team should continue to be employees of the nominating authority and therefore subject to working hours and permanent location of work as included in their employment contracts.

Recital 3

In order to ensure the most effective use of resources in the execution of oversight activities, a joint examination team should be able to oversee multiple critical ICT third-party service providersmeans an ICT third-party service provider designated as critical in accordance with Article 31;. The grouping of the critical ICT third-party service providersmeans an ICT third-party service provider designated as critical in accordance with Article 31; to be assigned to a specific joint examination team, and its overall staffing needs should take into account the risk profile of the critical ICT third-party service providersmeans an ICT third-party service provider designated as critical in accordance with Article 31;, and the envisaged level of intensity of oversight activities. This should result in a strategic multi-annual oversight plan, updated annually by the Lead Overseermeans the European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation; to the extent necessary, and reflected into the individual annual oversight plan. To ensure the reliability of the planned and ongoing commitment of resource staffing of the joint examination teams by the nominating authorities, the Lead Overseermeans the European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation; should consult both the joint oversight network and the Oversight Foruma sub-committee of the Joint Committee for the purposes of supporting the work of the Joint Committee and of the Lead Overseer in the area of ICT third-party risk across financial sectors.

Recital 4

The Lead Overseermeans the European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation; should apply a combination of criteria and principles when identifying the number of staff members in each joint examination team and the resulting composition. Those criteria and principles should take into account the technical nature of the oversight tasks, the different grade of dependency of financial entitiesas defined in Article 2, points (a) to (t) on the services provided by the critical ICT third-party service providersmeans an ICT third-party service provider designated as critical in accordance with Article 31;, the geographical distribution, the size and the number of financial entitiesas defined in Article 2, points (a) to (t) relying on those services and, where possible, a proportionate cross-sectoral representation. In performing this task, the Lead Overseermeans the European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation; should rely on the information provided by competent authoritiesas defined in Article 46 in the context of designation of the critical ICT third-party service providersmeans an ICT third-party service provider designated as critical in accordance with Article 31;, including the results of the calculation of all the sub-criteria as defined in Commission Delegated Regulation (EU) 2024/1502 (3)Commission Delegated Regulation (EU) 2024/1502 of 22 February 2024 supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council by specifying the criteria for the designation of ICT third-party service providers and consider the criticality of the critical ICT third-party service providersmeans an ICT third-party service provider designated as critical in accordance with Article 31; for the provisioning of specific financial services both at Member State and Union level.

Recital 5

The Lead Overseermeans the European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation; and the members of the joint examination teams should periodically assess the achievements of the joint examination teams to ensure that the structure and the composition of the joint examination teams are fit for purpose and continuously improving the efficiency and effectiveness of the Oversight Framework. The Lead Overseermeans the European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation; and the nominating authorities should make use of these assessments to review the membership of the joint examination teams, when appropriate.

Recital 6

The ESAsEuropean Supervisory Authority should define the oversight procedures to be followed by the members of the joint examination teams and the Lead Overseer coordinatordefined in-line in the performance of their duties.

Recital 7

Since the oversight tasks involve the processing of confidential information, the Lead Overseermeans the European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation; should grant members of the joint examination team access to such information and to the relating IT (e.g. tools, applications, datasets) and non-IT (e.g. policy, procedures, documentation) resources on a need-to-know basis and within the defined scope of their assignments if this is necessary for members of the joint examination team to assist the Lead Overseermeans the European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation; in the fulfilment of its statutory functions or tasks.

Recital 8

When defining arrangements between the Lead Overseermeans the European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation; and the compentent authorities to implement this Regulation, consistently with the Commission Delegated Regulation (EU) 2024/1505 of 22 February 2024 supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council by determining the amount of the oversight fees to be charged by the Lead Overseermeans the European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation; to critical ICT third-party service providersmeans an ICT third-party service provider designated as critical in accordance with Article 31; and the way in which those fees are to be paid, the Lead Overseermeans the European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation; should include in such arrangements a section detailing the procedure of reimbursement of the direct and indirect costs of all nominating authorities involved in the joint examination teams. The arrangements should also ensure that the members of the joint examination teams are free from any conflict of interests while performing their duties.

Recital 9

This Regulation is based on the draft regulatory technical standards submitted to the European Commission by the European Banking Authority, the European Insurance and Occupational Pensions Authority, and the European Securities and Markets Authority.

Recital 10

The Joint Committeemeans the committee referred to in Article 54 of Regulations (EU) No 1093/2010, (EU) No 1094/2010 and (EU) No 1095/2010; of the European Supervisory Authorities referred to in Article 54 of Regulation (EU) No 1093/2010 of the European Parliament and of the Council (4)Regulation (EU) No 1093/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Banking Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/78/EC (OJ L 331, 15.12.2010, p. 12)., in Article 54 of Regulation (EU) No 1094/2010 of the European Parliament and of the Council (5)Regulation (EU) No 1094/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Insurance and Occupational Pensions Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/79/EC (OJ L 331, 15.12.2010, p. 48). and in Article 54 of Regulation (EU) No 1095/2010 of the European Parliament and of the Council (6)Regulation (EU) No 1095/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Securities and Markets Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/77/EC (OJ L 331, 15.12.2010, p. 84). has conducted open public consultations on the draft regulatory technical standards on which this Regulation is based, analysed the potential costs and benefits of the proposed standards and requested advice of the Banking Stakeholder Groupmeans a group as defined in Article 2, point (11), of Directive 2013/34/EU; established in accordance with Article 37 of Regulation (EU) No 1093/2010, the Insurance and Reinsurance Stakeholder Groupmeans a group as defined in Article 2, point (11), of Directive 2013/34/EU; and the Occupational Pensions Stakeholder Groupmeans a group as defined in Article 2, point (11), of Directive 2013/34/EU; established in accordance with Article 37 of Regulation (EU) No 1094/2010, and the Securities and Markets Stakeholder Groupmeans a group as defined in Article 2, point (11), of Directive 2013/34/EU; established in accordance with Article 37 of Regulation (EU) No 1095/2010,