BUSINESS INSIGHTS
enterprises felt that there was not much clarity regarding the key items or terms . For example , the definitions of ‘ critical ’ or important functions and which companies were considered critical thirdparty ( CTP ) providers . consultations on DORA ’ s policy products in September 2023 . The FIA was also concerned with the classification of ICT-related incidents and the approach followed to incorporate proportionality in the Regulatory Technical Standards ( RTS ).
There was also concern over the timeline , especially given the complexity of some of the regulatory requirements , which required significant lead time for implementation , such as updating all relevant third-party contracts . Of which , contract lifecycle management tools proved invaluable . As well as uncertainty over scoping , which , for organisations , led to increased budget allocations in order to meet the DORA obligations on time .
There were also reactions from industry bodies and membership organisations . For example , the Futures Industry Association ( FIA ) responded to the European Supervisory Authorities ’ ( ESAs )
Lastly , there are the penalties themselves . Those businesses that are considered critical third parties , could face fines of up to € 5,000,000 . Whereas financial institutions that are not compliant could be fined up to 2 % of their annual worldwide turnover compared to individuals who can be fined up to € 1,000,000 respectively .
Compliance 101 – review , assess , react
Now that the deadline has passed , organisations need to remain vigilant for the year ahead . As a first step , financial institutions must ensure that they
Jason Smith , Senior Principal , Strategy & Transformation , Conga
understand the regulations and how it applies to them and their partners , particularly as they agree to new partnerships in the future . It is important that organisations review their processes to ensure they are compliant . This is best done by conducting a gap analysis of
www . intelligentcxo . com
67