Se rendre au contenu

Getting Ready for DORA: Key Lessons from the ESA 2024 Dry Run

18 décembre 2024 par
Stéphane Le Roy

The Digital Operational Resilience Act (DORA) will apply from January 17, 2025, and financial companies in Europe must prepare to meet its requirements. One important task is creating Registers of Information (RoI) to document their contracts with ICT third-party providers. These registers are essential for managing risks, following regulations, and identifying key ICT providers.

To help companies get ready, the European Supervisory Authorities (ESAs) ran a "dry run" exercise in 2024. This trial provided valuable insights to improve preparations for the official reporting that will start in 2025.

What Did the Dry Run Teach Us?

  1. Many Companies Took Part
    More than 1,000 financial companies from 27 EU countries participated. These included banks, insurance firms, investment companies, and others. The trial tested how well companies could prepare their RoI at both group and individual levels.
  2. Common Problems with Data Quality
    • Only 6.5% of RoI passed all checks for accuracy.
    • The main issue was missing required information, such as unique IDs for ICT providers.
    • Other errors included incorrect LEI codes and mistakes in the data format.
  3. Improvements for Future Reporting
    • The ESAs have updated their instructions and data quality checks to make the process clearer.
    • Companies should focus on collecting complete and accurate data to meet DORA’s rules.

Tips for Financial Companies

  1. Make Sure Your RoI is Complete
    From 2025, leaving out required information will not be allowed. Include all mandatory details, such as unique IDs for your ICT providers and group companies.
  2. Follow the Latest Guidelines
    Be familiar with the ESAs’ updated rules and formats. Mistakes often happen when instructions are not followed carefully.
  3. Use Technology to Manage Data
    Find reliable tools to maintain and convert your registers into the required format. The ESAs will no longer provide manual tools for data conversion.
  4. Work with Key Partners
    Collaborate with your ICT providers and group companies to ensure you have the necessary information, like LEI codes. Set up smooth processes for sharing data with authorities.

What’s Next?

Official RoI reporting will begin in 2025. Companies that act on the lessons from the dry run will be better prepared to comply with DORA and improve their resilience. For more details and resources, visit the ESA’s official page.