DORA – How to manage your third-party service providers?

On December 2022, the EU Regulation 2022/2554 on Digital Operational Resilience for the financial sector was published in the Official Journal of the European Union. Also known as Digital Operational Resilience Act (DORA), the regulation intends to harmonise rules regarding digital resilience in the financial sector across all Member States.

Following our Digital Operational Resilience Act (DORA) - Introduction module, this specific training focuses on comprehending the new requirements for third-party services management and emphasises key considerations when initiating new service contracts.

By the end of this module, participants will be able to:

• understand the new requirements related to third-party risk management;
• understand the main changes from the circular 22/806 on outsourcing arrangements;
• issue a new service contract while complying with DORA.

• How to tackle DORA third party risk management requirements?
• What is the main difference with the circular 22/806?
• How to complete DORA third party register? – Use case
• Main considerations on the service contract as per DORA: completion, consistency, accuracy, uniqueness

This training is coordinated by Michael Horvath and Koen Maris, Partners at PwC Luxembourg.

Michael has acquired a strong financial and regulatory audit as well as advisory background and significant experience leading projects in the asset management sphere.

In the recent past, Michael has been particularly involved in various regulatory projects related to the implementation of the EU regulatory framework for sustainable finance (i.e. SFDR, taxonomy regulation, CSRD) at entity and product level. Michael is involved in various other regulatory projects for clients, from DORA, AML/CFT regulation over CSSF circular 18/698 to MICA.

Koen, Partner, leads the Cyber Security practice with more than 20 years of experience in information/cyber security in cross industry environments. He is specialised in Secure Operations Centers, incident response and awareness raising at all levels of an organisation. He also has experience with Distributed Ledger Technology, IoT, OT/IT security, threat intelligence and forensics. He has a strong technical background and operational experience in cyber security as well as strong competencies in security architecture, solution design, programme management, business development.