Cybersecurity and digital operational resilience: pending and emerging issues

Day 1 Afternoon

Wednesday 09 April

Room: ROOM 1

Speakers

Chair
Gerry Cross
Director Capital Markets and Funds - Central Bank of Ireland
Public Authorities
François
(Public authority speaker) - Executive Director
Francesco Mazzaferro
Director General of Secretariat - European Systemic Risk Board (ESRB)
Ulrik Nødgaard
Governor - Danmarks Nationalbank
Industry Representatives
Fenitra Ravelomanantsoa
Head of Cloud Regulatory Affairs, EMEA - Google
Vincent Maagdenberg
Chief Risk Officer - Rabobank

Objectives

This session will first discuss the initial lessons learned from the implementation of DORA in January 2025, the observed impact on ICT risk management and the potential challenges for financial institutions and CTPPs in implementing the DORA requirements. The panel will then assess more broadly the evolution of cyber and digital operational resilience challenges in the financial sector, whether further policy interventions are needed at EU or global level to address these risks and ensure sector or system-wide cyber resilience, and what industry best practices in cyber risk management, in particular using technology and AI, can be leveraged in the financial sector.

Points of discussion

  • DORA implementation: What are the first lessons learned from the implementation of DORA in January 2025 across the different sectors of the financial industry? Are DORA requirements achieving their objectives in terms of management of ICT risks and monitoring of CTPP risks? Have market participants and supervisors encountered any problems in implementing the DORA requirements so far?
  • New cyber and digital operational resilience trends and challenges: Are there trends in terms of cyber and digital operational resilience that may require further policy attention in the financial sector? Are systemic cyber-risks developing and does more need to be done to tackle them? Is there sufficient cooperation and consistency of frameworks at the international level? Are best practices at industry level sufficiently capitalised on, notably leveraging AI and technology?