DORA - How to manage your third-party service providers?

On December 2022, the EU Regulation 2022/2554 on Digital Operational Resilience for the financial sector was published in the Official Journal of the European Union. Also known as Digital Operational Resilience Act (DORA), the regulation intends to harmonise rules regarding digital resilience in the financial sector across all Member States.

Following our Digital Operational Resilience Act (DORA) - Introduction module, this specific training focuses on comprehending the requirements for third-party services management and emphasises key considerations when initiating new service contracts.

By the end of this module, participants will be able to:

• understand the requirements related to third-party risk management;
• understand the main changes from the circular 22/806 on outsourcing arrangements;
• issue a new service contract while complying with DORA.

• How to tackle DORA third party risk management requirements?
• What is the main difference with the circular 22/806?
• How to complete DORA third party register? – Use case
• Main considerations on the service contract as per DORA: completion, consistency, accuracy, uniqueness

This training is coordinated by Michael Horvath, Partner at PwC Luxembourg.

• Michael Horvath is a partner at PwC with extensive expertise in sustainable finance and the asset management industry, including both financial and real assets. Since joining PwC Switzerland in 2011 and PwC Luxembourg in 2018, he has led significant projects in regulatory audit and advisory, focusing on the asset management sector. Michael has played a key role in implementing the EU regulatory framework for sustainable finance, including SFDR, taxonomy regulation, and CSRD, as well as other regulatory initiatives such as DORA, AML/CFT, CSSF circular 18/698, and MICA. He is a certified public accountant in Switzerland and Liechtenstein and has contributed to designing compliance frameworks and operational implementations driven by regulatory changes. His notable client projects include defining target operating models for Luxembourg AIFMs, digital operational resilience planning, AML/CFT framework implementation, and ESG/sustainability process design, supported by his involvement in training and regulatory advisory.