Financial entities' responsibility of oversight of critical ICT third-party service providers

The Oversight Framework should not replace, or in any way or for any part substitute for, the requirement for financial entitiesas defined in Article 2, points (a) to (t) to manage themselves the risks entailed by the use of ICT third-party service providersan undertaking providing ICT services, including their obligation to maintain an ongoing monitoring of contractual arrangements concluded with critical ICT third-party service providersan ICT third-party service provider designated as critical in accordance with Article 31. Similarly, the Oversight Framework should not affect the full responsibility of financial entitiesas defined in Article 2, points (a) to (t) for complying with, and discharging, all the legal obligations laid down in this Regulation and in the relevant financial services law.