DORA: Preparatory Exercise for financial entities
DORA: Preparatory Exercise for financial entities
The DORA Regulation encompasses a range of provisions aimed at strengthening digital operational resilience across financial entities.
One key requirement outlined in the Regulation is the establishment of a Register of Information (RoI). This register will serve as a comprehensive repository for information on arrangements with ICT Third-Party Service Providers (ICT TPPs), enabling financial entities to effectively monitor and manage associated risks.
As the DORA Regulation approaches its applicability date of 17 January 2025, it's crucial for financial entities to prepare adequately to ensure compliance. To support this preparation process, the European Supervisory Authorities (ESAs) and participating competent authorities, such as the MFSA, is launching a 'Preparatory Exercise' in mid-2024.
While participation in this exercise is voluntary, it offers invaluable support to financial entities in several areas. Participants will have the opportunity to refine their understanding of regulatory requirements, test reporting processes, address data quality issues, and enhance internal procedures related to digital operational resilience.
This Preparatory Exercise is aligned with the MFSA's expectations, as outlined in our communication released in March 2024, titled "The Authority’s Minimum Expectations in Relation to Financial Entities’ Preparedness to Regulation (EU) 2022/2554 on Digital Operational Resilience."
The Preparatory Exercise is a unique opportunity for financial entities to:
- Build and test their Register of Information (ROI)
- Address data quality issues
- Improve internal processes
By actively participating in this initiative, financial entities can ensure a smoother transition towards compliance with the DORA Regulation and reinforce their digital operational resilience capabilities.
ESAs publish templates and tools for voluntary dry run exercise to support the DORA implementation
On 31st May 2024, The European Supervisory Authorities published essential materials for the dry run exercise on reporting registers of information under the Digital Operation Resilience Act (DORA).These materials include:
- templates for the registers of information
- a draft technical package, and
- an optional tool to assist with data conversion and submission
This initiative is a significant step towards enhancing the ICT risk management framework across financial entities.
BDO Malta: Your Trusted Partner for DORA Compliance
The European Union has set January 17th, 2025, as the deadline to achieve DORA compliance. While this might seem like a distant target, in fact, achieving DORA compliance is a very complex and challenging task that requires a concerted effort by the in-scope financial entities. At BDO Malta, we understand the profound impact that the journey towards DORA compliance has on such organisations. Our team of regulatory and compliance technical experts is dedicated to helping your company navigate this complex environment.
Our comprehensive range of services includes the following:
- Board and Management Training on DORA
- Expert guidance on DORA compliance
- Performing gap analyses
- Conducting risk assessments
- Developing and implementing incident management and business continuity plans
- Providing continuous support and monitoring.