Article 3Note: This article is based on the final draft from the ESAs and is not yet adopted. Members of the joint examination team
-
The Lead Overseerthe European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation shall define the number of members of the joint examination team and its composition in agreement with the Joint Oversight Network and in consultation with the Oversight Foruma sub-committee of the Joint Committee for the purposes of supporting the work of the Joint Committee and of the Lead Overseer in the area of ICT third-party risk across financial sectors, as part of the process of establishment of the joint examination team, and as required over time, taking into account the tasks included in the individual annual oversight plans drafted for each critical ICT third-party service provideran ICT third-party service provider designated as critical in accordance with Article 31 overseen by the joint examination team. To define the number and the composition of members in the joint examination team, the Lead Overseerthe European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation shall consider at least the following:
-
the number of critical ICT third-party service providersan ICT third-party service provider designated as critical in accordance with Article 31 overseen by the joint examination team and by the ESAsEuropean Supervisory Authority as Lead Overseersthe European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation;
-
the specific individual oversight needs related to the specific critical ICT third-party service provideran ICT third-party service provider designated as critical in accordance with Article 31, as assessed by the Lead Overseerthe European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation;
-
the stability of the composition of the joint examination team, ensuring a proper knowledge retention;
-
the necessary skills required for the execution of the tasks by the joint examination team, considering the technical and non-technical ICT knowledge requirements;
-
the Member States in which the critical ICT third-party service provideran ICT third-party service provider designated as critical in accordance with Article 31 provides ICT servicesdigital and data services provided through ICT systems to one or more internal or external users on an ongoing basis, including hardware as a service and hardware services which includes the provision of technical support via software or firmware updates by the hardware provider, excluding traditional analogue telephone services supporting critical or important functionsa function the disruption of which would materially impair the financial performance of a financial entity, or the soundness or continuity of its services and activities, or the discontinued, defective or failed performance of that function would materially impair the continuing compliance of a financial entity with the conditions and obligations of its authorisation, or with its other obligations under applicable financial services law of the financial entitiesas defined in Article 2, points (a) to (t), and the competent authoritiesas defined in Article 46 which supervise the financial entitiesas defined in Article 2, points (a) to (t) making use of those services;
-
the different types, sizes and number of financial entitiesas defined in Article 2, points (a) to (t) to which the critical ICT third-party service provideran ICT third-party service provider designated as critical in accordance with Article 31 provides ICT servicesdigital and data services provided through ICT systems to one or more internal or external users on an ongoing basis, including hardware as a service and hardware services which includes the provision of technical support via software or firmware updates by the hardware provider, excluding traditional analogue telephone services supporting critical or important functionsa function the disruption of which would materially impair the financial performance of a financial entity, or the soundness or continuity of its services and activities, or the discontinued, defective or failed performance of that function would materially impair the continuing compliance of a financial entity with the conditions and obligations of its authorisation, or with its other obligations under applicable financial services law;
-
the competent authoritiesas defined in Article 46 which supervise the financial entitiesas defined in Article 2, points (a) to (t) which are the most dependent on the ICT servicesdigital and data services provided through ICT systems to one or more internal or external users on an ongoing basis, including hardware as a service and hardware services which includes the provision of technical support via software or firmware updates by the hardware provider, excluding traditional analogue telephone services provided by the critical ICT third-party service providersan ICT third-party service provider designated as critical in accordance with Article 31;Note: Point (g) had a strikethrough in the official legal text, indicating it is subject to change.
-
a proportionate cross-sectoral representation of the nominating authorities of the joint examination team.
-
-
When nominating members of the joint examination team, the authorities referred to in Article 40(2) of Regulation (EU) 2022/2554 shall consider at least points (b), (c), (d), (f) and (g) of paragraph 1.
-
The members of the joint examination team shall be involved either in the execution of specific tasks, or in the ongoing support of the activities carried out by the Lead Overseerthe European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation, considering the tasks defined in Article 1(2) of this Regulation.