Loading...

DORA - Regulatory Expectations & Implementation Checks for Financial Services

Level
Intermediate: Requires some prior subject knowledge
CPD
5 hours
Can't make the date?
Group bookings
email us to discuss discounts for 5+ delegates
DORA - Regulatory Expectations & Implementation Checks for Financial Services
13 Mar 2025 - London

Session

13 Mar 2025

10:00 AM ‐ 4:30 PM

With a SmartPlan £486

With a Season Ticket £540

Standard price £720

All prices exclude VAT

Introduction

DORA, or the Digital Operational Resilience Act, is a piece of EU legislation that will impact a huge range of financial services companies and beyond. As the first attempt to harmonise ICT risk management requirements at an EU-level, it contains detailed lists of requirements, rather than being principle-based, all aimed at boosting the operational and security capabilities of in-scope firms.

The scope covers all lenders, insurers, investment and fund managers as well as payment institutions and statutory auditors but goes further - it also regulates critical third-party ICT providers.

While this is EU regulation, any UK based firms operating in the EU, or outsourcing ICT activity to EU firms may either find themselves in scope or at least see changing capability in their third-party service providers. This will have a crossover into UK regulatory expectations and in particular to those firms subject to the Consumer Duty, where you are expected to act to avoid foreseeable harm - ICT-related incidents are clearly foreseeable.

As such this session is relevant to a broad range of firms and many different roles within those firms, from the traditional risk and compliance roles to relevant operations, technology, third-party vendor management and oversight functions too. We initially focus on the DORA requirements in detail and later in the day consider how to implement them, alongside broader operational resilience measures more specific to the UK regulatory expectations.

While the final detail of regulatory expectations is still to be confirmed, via a second tranche of Implementation and Regulatory Technical Standards (ITS / RTS) we know following the adoption of DORA in November 2022 what the European regulation is aiming to achieve and the outcomes expected. With full implementation of the regulation in January 2025, this session addresses the current requirements allowing firms to assess how well they have implemented appropriate standards and procedures, as well as looking forward to ongoing enhancements.

What You Will Learn

This course will cover the following:

  • Why is DORA needed now?
  • Drivers behind the regulation and forward-looking objectives
  • Governance, timelines, and milestones
  • Pillar 1 - ICT risk management
  • Pillar 2 - ICT-related incident reporting
  • Pillar 3 - Digital operational resilience testing
  • Pillar 4 - ICT third-party risk
  • Pillar 5 - Information sharing
  • Reporting and evidencing ongoing oversight
  • Practical steps to consider when reviewing your implementation plan

DORA - Regulatory Expectations & Implementation Checks for Financial Services