Financial entity's determination of testing scope


Since this Regulation does not require financial entitiesas defined in Article 2, points (a) to (t) to cover all critical or important functionsa function the disruption of which would materially impair the financial performance of a financial entity, or the soundness or continuity of its services and activities, or the discontinued, defective or failed performance of that function would materially impair the continuing compliance of a financial entity with the conditions and obligations of its authorisation, or with its other obligations under applicable financial services law in one single threat-led penetration test, financial entitiesas defined in Article 2, points (a) to (t) should be free to determine which and how many critical or important functionsa function the disruption of which would materially impair the financial performance of a financial entity, or the soundness or continuity of its services and activities, or the discontinued, defective or failed performance of that function would materially impair the continuing compliance of a financial entity with the conditions and obligations of its authorisation, or with its other obligations under applicable financial services law should be included in the scope of such a test.