The MFSA sets out the 2024 Minimum Expectations for DORA compliance
The MFSA sets out the 2024 Minimum Expectations for DORA compliance
The Malta Financial Services Authority (MFSA) recently released its minimum supervisory expectations for 2024 in relation to the level of DORA compliance that it expects financial entities to achieve in the current year. The MFSA has been regularly engaging with in-scope financial entities to promote a timely transition towards DORA compliance by its date of applicability.
MFSA’s 2024 Minimum Expectations
For 2024, the MFSA expects an advanced level of DORA preparedness. Financial entities are expected to take several steps towards achieving DORA compliance, as follows:
- developing a digital operational resilience strategy
- a DORA-compliant ICT Risk Management Framework
- an ICT-related incident management process
- a digital operational resilience testing program
- manage their ICT third-party risk, and
- develop a Register of Information (RoI).
Sufficient DORA preparedness is one of the outcomes that the MFSA intends to achieve through its supervision in 2024. The MFSA will be separately engaging with financial entities to gather information in relation to their progress against these expectations. In 2023, the MFSA had already outlined several expectations for financial entities, including informing the management body and key function holders about the DORA Regulation, keeping abreast of updates related to the development of Technical Standards, and carrying out a gap analysis between existing strategies and the DORA Regulation requirements.
When does DORA come into force?
DORA came into force on 16 January 2023 and will apply from 17 January 2025. DORA sets out requirements for financial entities to strengthen their ICT risk management, incident reporting, testing, and third-party risk management. It also establishes an oversight framework for critical third-party service providers.
The Regulation has significant implications for financial entities, as they will need to review and update their existing processes and systems to ensure compliance with DORA's requirements. This may involve investing in new technologies, enhancing their risk management frameworks, and strengthening their relationships with third-party service providers.
BDO Malta: Your Trusted Partner for DORA Compliance
The European Union has set January 17th, 2025, as the deadline to achieve DORA compliance. While this might seem like a distant target, in fact, achieving DORA compliance is a very complex and challenging task that requires a concerted effort by the in-scope financial entities. At BDO Malta, we understand the profound impact that the journey towards DORA compliance has on such organisations. Our team of regulatory and compliance technical experts is dedicated to helping your company navigate this complex environment. Our comprehensive range of services includes the following:
- Board and Management Training on DORA
- Expert guidance on DORA compliance
- Performing gap analyses
- Conducting risk assessments
- Developing and implementing incident management and business continuity plans
- Providing continuous support and monitoring.
