Digital Operational Resilience Act (DORA) - Introduction

On December 2022, the Regulation (EU) 2022/2554 on Digital Operational Resilience for the financial sector was published in the Official Journal of the European Union. Also known as Digital Operational Resilience Act (DORA), the Regulation intends to harmonise rules regarding digital resilience in the financial sector across all member states.

This training is about understanding the implications of DORA and how your organisation will be impacted from business, compliance, governance, operational and IT perspectives.
This training will provide you an overview of the main provisions and the difference with the existing ICT regulatory framework.

By the end of this training, participants will be able to understand:

• the main provisions of DORA regulation and the implications to your organisation;
• the implications to the existing ICT regulatory framework;
• how to manage ICT risks;
• how to classify and report incidents;
• the types of resilience testing;
• the key considerations related to the management of ICT third party service provider.

• Current regulatory landscape in the context of operational resilience and ICT
• Main provision of DORA and implementation considerations:
  • ICT governance: definition of the roles, responsibilities and segregation of duties within your organisation
  • ICT risk management framework: risk taxonomy, methodology and related documentation
  • Incident classification,management and reporting
  • Resilience testing approach and scope
  • Third party services provider management: process and related documentation

This training is coordinated by Michael Horvath and Koen Maris, Partners at PwC Luxembourg.

Michael has acquired a strong financial and regulatory audit as well as advisory background and significant experience leading projects in the asset management sphere. In the recent past, Michael has been particularly involved in various regulatory projects related to the implementation of the EU regulatory framework for sustainable finance (i.e. SFDR, taxonomy regulation, CSRD) at entity and product level. Michael is involved in various other regulatory projects for clients, from DORA, AML/CFT regulation over CSSF circular 18/698 to MICA.

Koen is partner at PwC Luxembourg, leading the Cyber Security practice with more than 20 years of experience in information/cyber security in cross industry environments. He is specialised in Secure Operations Centers, incident response and awareness raising at all levels of an organisation. He also has experience with Distributed Ledger Technology, IoT, OT/IT security, threat intelligence and forensics. Koen has a strong technical background and operational experience in cyber security as well as strong competencies in security architecture, solution design, programme management, business development.