Article 3
Members of the joint examination team
1. The Lead Overseer shall determine the number of members of the joint examination team and its composition in agreement with the Joint Oversight Network referred to in Article 34(1) of Regulation (EU) 2022/2554 and in consultation with the Oversight Forum referred to in Article 32(1) of that Regulation.
2. The Lead Overseer shall determine that number as part of the process of the establishment of the joint examination team, and as required over time, taking into account:
|
(a) |
the tasks included in the individual annual oversight plans drafted for each critical ICT third-party service provider overseen by the joint examination team; |
|
(b) |
the strategic objectives of the multi-annual oversight plan drafted for all critical ICT third-party service providers overseen by all the joint examination teams. |
3. To determine the number and the composition of members in the joint examination team, the Lead Overseer shall consider at least all of the following:
|
(a) |
the envisaged level of intensity of oversight activities to be performed in relation to all critical ICT third-party service providers; |
|
(b) |
the size and complexity of the ICT third-party service provider overseen by the joint examination team and by the ESAs as Lead Overseers; |
|
(c) |
the specific individual oversight needs related to the specific critical ICT third-party service provider, as assessed by the Lead Overseer; |
|
(d) |
the stability of the composition of the joint examination team, ensuring a proper knowledge retention; |
|
(e) |
the necessary skills required for the execution of the tasks by the joint examination team, considering the technical and non-technical ICT knowledge requirements; |
|
(f) |
the Member States in which the critical ICT third-party service provider provides ICT services supporting critical or important functions of the financial entities, and the competent authorities which supervise the financial entities making use of those services; |
|
(g) |
the different types, sizes, and numbers of financial entities to which the critical ICT third-party service provider provides ICT services supporting critical or important functions; |
|
(h) |
the competent authorities which supervise the financial entities that are the most dependent on the ICT services provided by the critical ICT third-party service providers; |
|
(i) |
a proportionate cross-sectoral representation of the nominating authorities of the joint examination team. |
4. When nominating members of the joint examination team, the authorities referred to in Article 40(2) of Regulation (EU) 2022/2554 shall consider at least points (c), (d), (e), (g) and (h) of paragraph 3.