Your browser does not support JavaScript!

Cyber and digital operational resilience: key pending issues (DORA CTPP oversight, EU and international cyber initiatives; digital infrastructure…)

Day 1 Afternoon

Wednesday 21 February

Room :



Gerry Cross
Director Financial Regulation, Policy and Risk - Central Bank of Ireland
Public Authorities
Denis Beau
First Deputy Governor - Banque de France
François-Louis Michaud
Executive Director - European Banking Authority (EBA)
Fernando Restoy
Chair - Financial Stability Institute (FSI)
Anneli Tuominen
Member of the Supervisory Board - European Central Bank (ECB)
Industry Representatives
Paolo Carcano
Partner - PricewaterhouseCoopers Business Services S.r.l.
Charlote Hogg
Executive Vice President and Chief Executive Officer - Visa Europe
Tomas Jakimavicius
Director, European Government Affairs - Microsoft


This session will first discuss how cyber and digital operational resilience challenges are evolving in the EU financial sector, how the preparation of the implementation of DORA is progressing and the key elements remaining to be further clarified or specified. The panel will then assess the needs in terms of international coordination in this area and additional approaches that need considering at EU level for tackling cyber and digital operational resilience risks in the financial sector.

Points of discussion

  1. Evolution of cyber and digital operational resilience risks and DORA implementation: How are cyber and digital operational resilience risks evolving in the financial sector? How is the implementation of DORA progressing? Are there major issues remaining to be addressed regarding the proposals made by the joint committee for implementing DORA? What are the potential challenges raised by the implementation of DORA requirements for market participants and supervisors and how may they be tackled?
  2. International coordination and additional approaches: Is there sufficient consistency in the cyber and digital operational resilience approaches at international level and is further coordination needed? Is further policy intervention needed? How do the regulatory and supervisory approaches need to evolve to adapt to the permanent evolution of cyber and digital operational risks? What are the best practices in terms of risk management at industry level to build on?