The decision of European regulators to include IBM among key third-party ICT service providers is not surprising, but it does set an important precedent in the relationship between Big Tech and the financial sector. The European Supervisory Authorities, comprising EBA, EIOPA and ESMA, have officially confirmed the strategic role of the US company, which in practice means bringing it under direct supervision at EU level under the DORA (Digital Operational Resilience Act) regulation.
For the financial market, this is a signal that digital operational resilience is ceasing to be a purely internal problem for banks or insurers, and is becoming a systemic issue, requiring close scrutiny by technology providers. As Piotr Pietrzak, Technical Sales Leader at IBM for Poland, the Baltics and Ukraine, notes, DORA enforces just such a systemic approach to digital resilience. The new regulations cover a broad spectrum of entities – from investment firms to payment institutions – treating technology as integral to market stability and customer security.
For IBM, key supplier status is, on the one hand, a prestigious acknowledgement of its position as a trusted partner and, on the other, a commitment to even closer cooperation with the supervisory authorities (ESA). The company had been preparing its technology and governance structures for a long time to meet the new requirements. In the run-up to the implementation of the regulations, IBM’s teams were conducting extensive adaptation activities in parallel with the development of global cyber security technologies.
From the perspective of CIOs of financial institutions, bringing IBM under direct EU supervision is reassuring news. It means that the use of this provider’s infrastructure and services comes with the added assurance of regulatory compliance. IBM promises to continue providing guidance and resources to help clients navigate the complex requirements of DORA without losing sight of innovation.
The aim of the new regulations is clear: to reduce systemic risk in the European financial ecosystem. The inclusion of key technology players under direct supervision is a step that redefines responsibility for digital security in the Old Continent. IBM declares its full readiness to work constructively with regulators, using its experience in risk management to make the adaptation process smooth for both the company itself and its business partners.
