Digital operational and cyber-resilience: expected impacts of DORA and potential pending issues 

Day 1 Afternoon

Wednesday 07 September


Steven Maijoor
Executive Director of Supervision - De Nederlandsche Bank (DNB)
Public Authorities
Urban Angehrn
Chief Executive Officer - Swiss Financial Market Supervisory Authority (FINMA)
Petra Hielkema
Chairperson - European Insurance and Occupational Pensions Authority (EIOPA)
Billy Kelleher
Member of European Parliament - Committee on Economic and Monetary Affairs, European Parliament
Emmanuel Rocher
Director for International Affairs - Autorité de Contrôle Prudentiel et de Résolution (ACPR)
Industry Representatives
Ksenia Duxfield-Karyakina
Government Affairs and Public Policy - Google Cloud
Stephen Hester
Vice Chair of the Board and Board Member - Nordea Group

Objectives of the session

This session will discuss whether the agreed text on DORA will make it possible to tackle the main cyber and digital operational resilience risks that financial institutions are facing, identify the main issues that remain to be clarified or further specified in the drafting of DORA Level 2 requirements, and evaluate the potential implementation challenges raised by DORA requirements.

The panel will address first ICT risk management measures, secondly those for handling third-party ICT risks and will also assess the implications of these measures in terms of supervision. How these issues are addressed by other jurisdictions will also be touched on, as well as the potential importance

Points of discussion

  1. Policy framework for ICT risks: Will the DORA framework as agreed allow an appropriate handling of ICT risks with sufficient proportionality and future-proofing, while maintaining competitiveness? What are the key issues remaining to be clarified or specified in the drafting of Level 2 regulatory standards? What are the main implementation challenges to be further considered for market participants and supervisors? Do DORA requirements raise any consistency issues with existing regulations or international rules?
  2. Oversight framework for third-party ICT risks: Does DORA propose an adequate framework for the management of third-party ICT risks? Do some issues require further clarification or specification with a view to the implementation of DORA? What are the potential challenges that the framework raises for supervisors?