The ABBL, in collaboration with Schiltz & Schiltz and with the participation of the CSSF, organised an event around the recently adopted Digital Operational Resilience Act (DORA). An important topic for the financial services sector, reflected by the more than 120 participants registered! The full presentation is available online for ABBL Members. Here is a summary of the key points.
Scope of application
The DORA regulation (2022/2554) establishes uniform requirements for financial institutions with regard to the security of networks and information systems supporting the business processes of financial entities. In particular, for:
- ICT risk management
- ICT-related incident management
- Digital operational resilience testing
- ICT third-party risk
- Information sharing
The scope is therefore broader than the activities usually covered by outsourcing arrangements, and financial entities will have to monitor all their ICT arrangements.
Advocacy activities in the coming months
DORA is followed by 15 policy mandates given to the ESAs:
- 8 Regulatory Technical Standards (RTS)
- 2 Implementing Technical Standards (ITS)
- 2 guidelines
- 1 feasibility report on the incident reporting hub
- Answers to 2 calls for advice from the European Commission.
RTS and ITS will be open for consultation, and the ABBL together with its members will take part in this advocacy work.
Stay tuned: the ABBL will organise two further events on DORA once the RTS and ITS are finalised to keep its members informed.
DORA entered into force on 17 January 2023 and will apply from 17 January 2025. The CSSF suggests that in-scope institutions be proactive, start preparing for DORA now, and read the text in conjunction with the soon-to-be-published RTS and ITS.
Join the ABBL groups on Cybersecurity & Trust and on the DORA assessment
The ABBL runs two groups for its members: the Cybersecurity and Trust Working Group, and the Task Force on the DORA Assessment. The objective is threefold:
- To increase the resilience of ABBL members against cyber-attacks.
- To facilitate information sharing and collaboration.
- To engage in a dialogue on future regulatory technical standards (RTS) under DORA.
Are you a member of the ABBL and interested in these groups? Contact our Member Relations team!