- Harmonize the regulation of financial entities across the EU (including banks, insurance companies, payment service providers and investment firms)
- Strengthen the monitoring and oversight of ICT third-party providers (ICT = information and communication technology)
- Improve and further harmonize reporting and notification obligations with regard to cyber and IT incidents
- Strengthen ICT risk management and resilience (e.g. through extended testing of ICT systems)
Implementing DORA poses significant challenges for the financial sector. Effective ICT risk management, handling of ICT risks and cyber threats, regular testing of digital operational resilience and management of ICT service providers are the core elements of the DORA requirements. Financial organisations need to implement these measures to strengthen their cyber resilience and to meet the regulatory requirements on a sustained basis.
The first step is a gap or maturity analysis, which shows where you still fall short in IT risk management, IT security and IT service provider management.
To close the identified gaps, the required actions and timelines need to be planned, dependencies identified and responsibilities assigned. We support you in planning and implementing your action plan so that the identified gaps are closed adequately and proportionately and your resilience is strengthened. Close cooperation between the 1st and 2nd Line of Defence (LoD) functions is essential to ensure that all regulatory requirements are met comprehensively and consistently. We recommend involving the 3rd LoD at an early stage.
