With only three months left until DORA becomes enforceable, the AFME has highlighted significant readiness challenges.
According to Corlytics, at a recent panel in London, representatives from Barclays, Intesa Sanpaolo, and the European Banking Authority (EBA) underscored the necessity for a unified strategy to embrace DORA’s upcoming regulations.
Maria Sorlini, leading Intesa Sanpaolo’s Regulation guidance and coordination team, discussed the complex nature of aligning compliance across varied jurisdictions. Financial institutions globally face diverse regulatory landscapes, she noted, making it crucial to establish a common framework for operational resilience as envisioned by DORA.
DORA sets a rigorous standard to boost the operational strength of Europe’s financial entities through five key pillars: risk management, resilience testing, incident reporting, third-party risk management, and information sharing. Despite operational resilience being a focus for over a decade, DORA introduces more stringent requirements, compelling institutions to refine their internal processes substantially.
Antonio Barzachki, Senior Policy Expert at the EBA, confirmed the industry’s anxiety over tight timelines and robust demands. He reassured stakeholders of the EBA’s commitment to clear guidance through ongoing Q&A sessions and supervisory support, mentioning a recent ‘dry run’ exercise to test compliance measures.
A theme that permeated the discussions was the need for proportional application of DORA’s mandates. The EBA stresses a risk-based approach, allowing institutions to tailor their compliance efforts according to their specific risk exposure. This flexibility is critical given the variable nature of risks faced by different institutions.
Estelle Tran, DORA Legal Lead at Barclays, voiced concerns about the logistical hurdles in amending contracts with numerous service providers. For some banks, this means revising hundreds, if not thousands, of contracts, a process further complicated by the varied regulatory scopes applied across jurisdictions.
Clare Jenkinson from Deloitte Legal highlighted that DORA is just one facet of a global movement towards more robust operational resilience regulation, referencing frameworks in the UK and Singapore. She emphasized the importance of meaningful compliance that extends beyond mere box-ticking, particularly when evaluating third-party risk.
DORA not only mandates stringent compliance practices but also fosters new collaborative dynamics between regulators and financial institutions. Although the path to full compliance is challenging and marked by complex contract negotiations and regulatory alignment, there is a shared optimism that these efforts will culminate in a more robust and resilient financial sector.
Copyright © 2024 RegTech Analyst