Your browser does not support JavaScript!

Digital operational resilience and business continuity: can it be ensured throughout the financial value chain?

Day 1 Afternoon

Wednesday 26 April

Room :



Margarita Delgado
Deputy Governor - Banco de España
Public Authorities
Gerry Cross
Director Financial Regulation, Policy and Risk - Central Bank of Ireland
Samu Kurri
Director, Digitalisation and Analysis - Finnish Financial Supervisory Authority (FIN-FSA)
François-Louis Michaud
Executive Director - European Banking Authority
Sasha Mills
Executive Director, Financial Market Infrastructure - Bank of England
Industry Representatives
Jason Harrell
Managing Director and Head of External Engagements - The Depository Trust & Clearing Corporation
Tomas Jakimavicius
Director, European Government Affairs - Microsoft


This session will first discuss the extent of digital operational resilience and cyber risks in the financial sector and how they are evolving with on-going changes in financial value chains (e.g. with increasing digitalisation and outsourcing to tech providers) and external events (e.g. geopolitical risks).
The panel will then assess whether the agreed DORA and NIS2 texts will allow the tackling of the cyber and digital operational resilience risks that financial institutions are facing and identify potential issues that remain to be clarified or further specified in the drafting of the Level 2 requirements. Finally, the panel will discuss whether further measures are needed to enhance system-wide cyber-resilience and to ensure an appropriate coordination of cyber-resilience efforts at the international level.

Points of discussion

  1. How are ICT and cyber-risks evolving in the financial sector? What are the implications in terms of operational and cyber-resilience of on-going digital transformation and resulting changes in the financial value chains?
  2. Will the DORA and NIS2 frameworks allow an appropriate tackling of ICT risks with adequate proportionality and future-proofing? What are the key issues remaining to be clarified or specified in the drafting of Level 2 regulatory standards and are there major implementation challenges? Can the oversight of critical ICT third-party providers (CTPPs) be adequately conducted with the current supervisory structure in Europe? How are ICT risks and digital operational resilience issues addressed at the international level? Does more need to be done to enhance cyber-resilience at sector level?