Financial cross-sector exercises, communication and cooperation

Article 49 addresses the need for cross-sector exercises, communication, and cooperation to strengthen the financial system's collective resilience to ICT-related disruptions. Individual entity resilience is necessary but not sufficient — systemic resilience requires coordinated preparedness across the financial sector.

The article empowers the ESAs, in coordination with national competent authorities and other relevant bodies, to develop and coordinate financial cross-sector exercises. These exercises simulate large-scale ICT disruptions or cyber attacks that could affect multiple financial entities simultaneously, testing the sector's collective response capabilities and communication channels.

Communication protocols during ICT-related crises are a critical component. The article establishes expectations for how competent authorities share time-sensitive information about threats and incidents that could have systemic implications, enabling coordinated supervisory responses and reducing the risk of information silos during fast-moving events.

The cooperation dimension extends to sharing lessons learned from exercises, incidents, and supervisory activities. This collective learning approach helps the entire financial sector benefit from the experiences of individual entities and national supervisors, raising the baseline of digital operational resilience across the EU.