Objectives of the session
This session will discuss whether the agreed text on DORA will make it possible to tackle the main cyber and digital operational resilience risks that financial institutions are facing, identify the main issues that remain to be clarified or further specified in the drafting of DORA Level 2 requirements, and evaluate the potential implementation challenges raised by DORA requirements.
The panel will first address ICT risk management measures, then those for handling third-party ICT risks, and will also assess the implications of these measures in terms of supervision. How these issues are addressed by other jurisdictions will also be touched on, as well as the potential importance
Points of discussion
- Policy framework for ICT risks: Will the DORA framework as agreed allow an appropriate handling of ICT risks with sufficient proportionality and future-proofing, while maintaining competitiveness? What are the key issues remaining to be clarified or specified in the drafting of Level 2 regulatory standards? What are the main implementation challenges to be further considered for market participants and supervisors? Do DORA requirements raise any consistency issues with existing regulations or international rules?
- Oversight framework for third-party ICT risks: Does DORA propose an adequate framework for the management of third-party ICT risks? Do some issues require further clarification or specification in view of the implementation of DORA? What are the potential challenges that the framework raises for supervisors?