ΠΕΡΙΓΡΑΦΗ

The course aims to provide a deep dive into the critical legislative package associated with the Digital Operational Resilience Act (DORA), which has recently come into force, and is designed to addresses a key risk factor in the EU digital space:  cyberattacks and ICT disruptions in the EU financial sector.  These risks have been a concern for Europe’s bank and securities regulators for many years, notably the ECB, the EBA and ESMA. 

This long overdue piece of legislation now consolidates a patchwork of existing sectoral rules on ICT risk management, incident handling and resilience testing. Critically, and core to the thrust of DORA, is the explicit recognition on the reliance by financial services entities on third party ICT service providers. Oversight of 3^rd party ICT service providers will fall to the ESA’s (EBA, ESMA and EIOPA). 

ESMA is also currently drafting technical standards, following DORA’s entry into force on 16 January 2023, with application scheduled for 17^th January 2025.

 An overview of the complex nature of the EU legislative process and the key EU Institutions involved in the development of the DORA regulatory text will be examined during the course, covering:

• The shift from operational risk mainly with the allocation of capital to managing all components of operational resilience.
• The DORA rules for the protection, detection, containment, recovery and repair capabilities against ICT-related incidents.
• Identifying the DORA explicitly referenced ICT risks via new sets rules on ICT risk-management, incident reporting, operational resilience testing and ICT third-party risk monitoring.

ΣΚΟΠΟΣ ΣΕΜΙΝΑΡΙΟΥ

The course offers the opportunity to:

• Acquire a structure understanding of the current EU legislative landscape and priorities in relation to the DORA legislative package
• Become sufficiently conversant in the broad details of the key pieces of current EU FS legislation to engage in a discussion with their professional peers, regulators and apply the knowledge in reviewing the impact on their business models, compliance expectations and obligation 

More specifically, by the end of the course participants will:

• Understand the EU Institutional decision-making process from the EC proposal stage on both legislative packages to ratification by the EU Parliament and Council
• Identify the various key provisions under the DORA legislative text that will have a direct impact on the firm’s compliance framework and that of its outsourced ITC providers
• Identify the new requirements and challenges under the DORA  framework designed to strengthen cross-border monitoring of ITC systems and outsourced structures
• Build an awareness of the modified roles of Pan-EU supervisors in terms of monitoring, requests for information, reporting requirements, on-site inspections, with more assertive powers by the ESAs
• Learn how the scaled-up harmonisation and coordination of ESAs supervisory practices in the management of the firms ITC operations will affect your business
• Develop awareness of how the EU intends to monitor DORA requirements with third countries considered to be ‘high-risk’ jurisdictions.
• Be capable of anticipating questions and queries via the new ESA’s role in monitoring DORA application and compliance

ΣΕ ΠΟΙΟΥΣ ΑΠΕΥΘΥΝΕΤΑΙ

The course is addressed to:  

• Chief AML Officers
• CFOs
• Regulatory Compliance Officers
• National Supervisors
• Financial Services Trade Bodies
• Chief Legal Officers
• Internal ITC Specialist
• Chief Data Officers
• COOs

ΠΕΡΙΣΣΟΤΕΡΕΣ ΠΛΗΡΟΦΟΡΙΕΣ

Training Outline

 – Background on DORA legislative packages

• scope exemptions, definitions, supervision, reporting/compliance

– Outline of uniform requirements concerning the security of network and information systems supporting the business processes of financial entities: 

A. requirements applicable to financial entities in relation to:

• information and communication technology (ICT) risk management
• reporting of major ICT-related incidents and notifying, on a voluntary basis, significant cyber threats to the competent authorities
• reporting of major operational or security payment-related incidents to the competent authorities by financial entities referred to in Article 2(1), points (a) to (d)
• digital operational resilience testing
• information and intelligence sharing in relation to cyber threats and vulnerabilities
• measures for the sound management of ICT third-party risk

B. requirements in relation to the contractual arrangements concluded between ICT third-party service providers and financial entities 

• DORA application framework vis-à-vis critical third parties which provide ICT-related services to financial entities in terms of digital operational resilience, requiring all firms ensuring that they can withstand, respond to and recover from all types of ICT-related disruptions and threats.
• A review of the critical third-country ICT service provider rules vis-à-vis provision of services to financial entities in the EU (required to establish a subsidiary within the EU so that oversight can be assured)
•  A review of the DORA oversight framework, which provides for an additional joint oversight network to l strengthen the coordination between the European supervisory authorities (ESAs) on this cross-sectoral topic

Training Style  

The programme is designed to deliver high-level knowledge and insights into the EU financial services regulatory agenda and developments. It will strive to enhance participants’ skills and knowledge via power-point presentations and practical examples. 

The training style is both training-focused, involving a combination of presentation and real-live examples, but also learner-focused, where participants are encouraged to share their experiences, raise questions, seek clarifications and share their opinions from their different perspectives.

CPD Recognition 

This programme may be approved for up to 5 CPD units in Financial Regulation.  Eligibility criteria and CPD Units are verified directly by your association, regulator or other bodies which you hold membership.