The Digital Operational Resilience Act (DORA)

.

This training session will provide attendees with a solid understanding of the requirements of Digital Operational Resilience Act (DORA), including its obligations for European financial entities and ICT service providers. It will also explain the legislation’s cross-border implications and provide comparison between DORA and the UK operational resilience rules.

Attendees will, by the end of the session, have a good knowledge of the key DORA requirements under each of its thematic pillars: (1) ICT risk management, (2) ICT-related incidents: management, classification and reporting, (3) Digital operational resilience testing, (4) Management of ICT third-party risk and (5) Oversight Framework for critical ICT third-party service providers. We will discuss the main obligations and consider their practical implications for the in-scope firms. The training will be interactive, addressing common implementation queries and enabling attendees to raise issues they find particularly challenging in the course of their DORA compliance efforts.

The programme has been developed by the Investment Association in collaboration with Norton Rose Fulbright LLP.

Key Learning Objectives:

Develop an understanding of the key DORA requirements and how they impact financial entities, with a focus on:

• DORA operational resilience obligations and their application to managers;
• Requirements concerning contractual arrangements with ICT third-party service providers;
• Comparison between DORA and UK operational resilience rules;
• The common implementation challenges associated with DORA.

09:30 Introduction and overview

The session will begin by providing a high-level overview of DORA, its structure and objectives as well as updating on the status of regulatory work and implementation timelines. It will also set the scene for the subsequent sessions by explaining the scope of ICT services relevant to the DORA application.

10:00 Session 1: ICT third-party risk management and contractual obligations

The session will provide an in-depth look on the key DORA requirements concerning the management of ICT third-party risks, including obligations for financial entities regarding contractual requirements with ICT third-party service providers.

11:00 Coffee break

11:15 Session 2: ICT risk management for financial entities

This session will focus on explaining the obligations for financial entities stemming from the DORA provisions on ICT risk management, including an overview of the required documentation.

12:00 Session 3: DORA for ICT third-party service providers

The session will focus on discussing the application of DORA to ICT third-party service providers, including the conditions for the criticality assessment of ICT third-party service providers, the functioning of the Oversight Framework as well as broader relevance of DORA to non-critical ICT third-party service providers.

12:30 Lunch break

13:00 Session 4: Comparing DORA and UK operational resilience framework

The final session will focus on providing a high-level comparison between DORA and the UK framework for operational resilience, highlighting main similarities and differences between the two regimes.

13:30 Closing remarks

Hannah Meakin
Hannah Meakin is a partner in the financial services group at Norton Rose Fulbright LLP. Her practice focuses on market infrastructure, commodities derivatives and FinTech. She advises on all aspects of compliance with relevant PRA and FCA requirements and has particular knowledge of brokerage, exchange trading, clearing, settlement, custody, client money and wholesale conduct. Hannah helps clients understand and implement financial services legislation, including MiFID II, MAR, EMIR and the CRR, and has led client projects on each of these. Her clients include both financial institutions and unregulated entities such as the trading and treasury teams of corporates. She also supports a number of industry bodies.

Anna Carrier
Anna Carrier is a lawyer in the financial services regulatory practice at Norton Rose Fulbright LLP, based in Brussels. She advises clients on a range of European legislative, regulatory and policy matters. Anna specialises in banking and financial services legislation, with particular focus on securities and derivatives markets, benchmarks, markets infrastructure, crypto-assets and FinTech. She assists clients in all stages of legislative process, from preparatory work preceding publication of legislative proposal, through legislative review of basic legislative text, development of secondary legislation and guidance, to implementation. She has advised clients on complex matters relating to implementation of European legislation, including EMIR, MiFID II/MiFIR, BMR, and she has also been advising clients on the application of DORA.

Haney Saadah
Haney Saadah is the Managing Director of Risk Consulting for Europe, Middle East and Asia at Norton Rose Fulbright LLP based in London. He has extensive experience in the delivery of highly technical programs of work in broad areas of risk, including regulatory, governance and operational, conduct and reputational risk along with specific advice on more general regulatory advisory topics and interventions. He has worked in and across all the key global financial hubs with a variety of financial services providers, from capital markets firms and asset managers through to a range of commercial banks, payments firms and technology suppliers, along with regulators and governments.

This interactive session will be particularly useful for those whose role involves them in DORA compliance projects at their firms, including both at the financial entities and the service providers. This typically includes members of legal, compliance, business, cyber, IT, risk management and contract management teams.

IA Member £395.00 +VAT
Non-Member 545.00 +VAT

Pay using a credit card online, or if you wish to be invoiced please email your full details to: Training@theia.org

PLEASE NOTE: Full payment for the course must be made prior to the course commencement date.

• Any cancellation must be made in writing.
• For all cancellation received 15-30 days prior to the course start date, 50% of the course fee is still payable.
• No refund is given for a cancellation made 14 days or less prior to the commencement of a course.
• Transferring from one course to another is treated as a cancellation.
• You can substitute one delegate for another at no additional cost. In this instance, please give two business days’ notice.