Course Images

The Newly Enforced Digital Operational Resilience Act (D.O.R.A) Regulation

The Newly Enforced Digital Operational Resilience Act (D.O.R.A) Regulation

Dates

  • October 2026
      to   (2 sessions)
    Delivered Online
    €240+ VAT
    Book
    View Dates Hide Dates
    • to
      Delivered Online
    • to
      Delivered Online


Highlights

  • Live Online

  • 5 CPD Units | 5 Hours


The EIMF Live Online Learning Experience

Participants will receive access to the recorded sessions of the course.

EIMF subject-matter experts deliver engaging and interactive courses across a broad spectrum of areas, that can be enjoyed in the comfort of your own chosen environment. Read more


Course Overview

The course aims to provide a deep dive into the critical legislative package associated with the Digital Operational Resilience Act (DORA), which has recently come into force, and is designed to addresses a key risk factor in the EU digital space: cyberattacks and ICT disruptions in the EU financial sector. These risks have been a concern for Europe’s bank and securities regulators for many years, notably the ECB, the EBA and ESMA.

This long overdue piece of legislation now consolidates a patchwork of existing sectoral rules on ICT risk management, incident handling and resilience testing. Critically, and core to the thrust of DORA, is the explicit recognition on the reliance by financial services entities on third party ICT service providers. Oversight of 3rd party ICT service providers will fall to the ESA’s (EBA, ESMA and EIOPA).

ESMA is also currently drafting technical standards, following DORA’s entry into force on 16 January 2023, with application scheduled for 17th January 2025.

An overview of the complex nature of the EU legislative process and the key EU Institutions involved in the development of the DORA regulatory text will be examined during the course, covering:

  • The shift from operational risk mainly with the allocation of capital to managing all components of operational resilience.

  • The DORA rules for the protection, detection, containment, recovery and repair capabilities against ICT-related incidents.

  • Identifying the DORA explicitly referenced ICT risks via new sets rules on ICT risk-management, incident reporting, operational resilience testing and ICT third-party risk monitoring.


Training Objectives

The course offers the opportunity to:

  • Acquire a structure understanding of the current EU legislative landscape and priorities in relation to the DORA legislative package

  • Become sufficiently conversant in the broad details of the key pieces of current EU FS legislation to engage in a discussion with their professional peers, regulators and apply the knowledge in reviewing the impact on their business models, compliance expectations and obligation

More specifically, by the end of the course participants will:

  • Understand the EU Institutional decision-making process from the EC proposal stage on both legislative packages to ratification by the EU Parliament and Council

  • Identify the various key provisions under the DORA legislative text that will have a direct impact on the firm's compliance framework and that of its outsourced ITC providers

  • Identify the new requirements and challenges under the DORA framework designed to strengthen cross-border monitoring of ITC systems and outsourced structures

  • Build an awareness of the modified roles of Pan-EU supervisors in terms of monitoring, requests for information, reporting requirements, on-site inspections, with more assertive powers by the ESAs

  • Learn how the scaled-up harmonisation and coordination of ESAs supervisory practices in the management of the firms ITC operations will affect your business

  • Develop awareness of how the EU intends to monitor DORA requirements with third countries considered to be “high-risk” jurisdictions.

  • Be capable of anticipating questions and queries via the new ESA's role in monitoring DORA application and compliance


Training Outline

Background on DORA legislative packages

  • scope exemptions, definitions, supervision, reporting/compliance

Outline of uniform requirements concerning the security of network and information systems supporting the business processes of financial entities:

A. requirements applicable to financial entities in relation to:

  • information and communication technology (ICT) risk management

  • reporting of major ICT-related incidents and notifying, on a voluntary basis, significant cyber threats to the competent authorities

  • reporting of major operational or security payment-related incidents to the competent authorities by financial entities referred to in Article 2(1), points (a) to (d)

  • digital operational resilience testing

  • information and intelligence sharing in relation to cyber threats and vulnerabilities

  • measures for the sound management of ICT third-party risk

B. requirements in relation to the contractual arrangements concluded between ICT third-party service providers and financial entities

DORA application framework vis-à-vis critical third parties which provide ICT-related services to financial entities in terms of digital operational resilience, requiring all firms ensuring that they can withstand, respond to and recover from all types of ICT-related disruptions and threats.

A review of the critical third-country ICT service provider rules vis-à-vis provision of services to financial entities in the EU (required to establish a subsidiary within the EU so that oversight can be assured)

A review of the DORA oversight framework, which provides for an additional joint oversight network to l strengthen the coordination between the European supervisory authorities (ESAs) on this cross-sectoral topic


Who Should Attend

The course is addressed to:

  • Chief AML Officers

  • CFOs

  • Regulatory Compliance Officers

  • National Supervisors

  • Financial Services Trade Bodies

  • Chief Legal Officers

  • Internal ITC Specialist

  • Chief Data Officers

  • COOs


Training Style

The programme is designed to deliver high-level knowledge and insights into the EU financial services regulatory agenda and developments. It will strive to enhance participants' skills and knowledge via power-point presentations and practical examples.

The training style is both training-focused, involving a combination of presentation and real-live examples, but also learner-focused, where participants are encouraged to share their experiences, raise questions, seek clarifications and share their opinions from their different perspectives.


CPD Recognition

This programme may be approved for up to 5 CPD units in Financial Regulation. Eligibility criteria and CPD Units are verified directly by your association, regulator or other bodies which you hold membership.


In-house Training

For groups within the same organisation, this course may be customised to meet any specific needs and delivered in-house.

Facilitators

  • David Doyle

    David Doyle

    Dr David Doyle is an EU policy advisor, expert and speaker, specialising in EU financial services regulation, based between Paris and Brussels. Prior to his EU regulatory role, he was a long-serving diplomatic career based on mainland Europe, spanning both multilateral and bilateral assignments in Paris and Brussels. Dr Doyle interfaces on a regular basis with key policy-makers and legislators in the corridors of all three EU Institutions (EC, European Parliament and Council), and, in addition, ESMA, the ECB and IOSCO. Furthermore, he has been a long-standing Board Member of the Board of the all-party EU parliamentary advocacy body, The Kangaroo Group, and Secretary of its Financial Services Working Group at the European Parliament. His authored works include Cost Control—A Strategic Guide (CIMA/Elsevier: London, 1994 and 2002) which was translated into 15 foreign languages, as well as contributing EU chapters to The Future of Finance after SEPA (Wiley: London, 2008), and A Practical Guide to Corporate Governance (Sweet & Maxwell: London, 2010). His academic activities include lecturing in Management Control as an adjunct faculty member at Paris-based institutions like the American University, HEC, ESSEC and ESCP. His alumni include the Technology University Dublin (formerly Dublin Institute of Technology), Trinity College , University of Dublin (Ireland), while in January 2004 he was awarded an Honorary Doctorate in Business Administration at Kingston University, in recognition of his contribution to EU policy development for the growth and sustainability of small businesses.