Asset Servicers: The challenge with DORA


In response to the challenges imposed by the DORA Regulation, as from 17 January 2025, asset servicers in Luxembourg will need to balance the demands of regulatory compliance with operational challenges. It is essential for these entities to find a balance suited to their size or dependencies in order to ensure their resilience and future success.

At the core of Europe’s financial nexus, asset servicers in Luxembourg are facing a new regulatory challenge: the implementation of the DORA Regulation (Digital Operational Resilience Act). This Regulation aims to reinforce the digital operational resilience of financial entities, a necessity in an ecosystem where reliance on information technology and the threat of cyberattacks are on the rise. However, its implementation presents a challenge that is often underestimated by asset servicers.

Third-party management is a central issue. For their IT management, many asset servicers rely on groups located outside the European Union, which complicates compliance with the requirements of DORA, focused on supervision and risk management within the EU. The delegation of IT responsibilities to external entities requires a reevaluation of contractual agreements as well as control mechanisms.

Also, the need for sufficient resources is becoming imperative. Asset servicers, some of modest size compared to other financial players, do not always have the necessary resources to comply with DORA’s requirements without impacting their regular operations. Recruiting experts in cybersecurity and IT resilience is a challenge in a competitive market where demand outstrips supply.

Lastly, the principle of proportionality, although integrated into DORA, is open to interpretation. Asset servicers must apply the regulation while taking into account their size, complexity, and risk profile. This requires a thorough analysis to determine how DORA’s measures align with the specific needs of each entity.

For compliance officers, risk officers, CISOs, or digital transformation leaders, the task is daunting but essential. The need for experts, collaboration with regulators, ongoing training, and the adoption of robust IT governance practices are key to ensuring operational resilience that meets DORA’s expectations. The issue of digital resilience has also become indispensable for the longevity and competitiveness of asset servicers in Luxembourg.

With the advent of DORA, asset servicers are facing a changing regulatory environment. Our in-depth knowledge of the sector, along with our expertise in compliance and cybersecurity, enables us to meet the specific needs of each organization, thereby turning regulatory challenges into strategic advantages. We leverage our know-how to assist organizations in identifying their critical and significant functions, assessing risks, and designing durable third-party relationship management strategies. To this end, our local teams ensure effective communication with clients established outside of Luxembourg, guaranteeing a comprehensive understanding of DORA’s requirements.

Our collaboration with asset servicers is tailor-made to align with the entirety of our clients’ projects and to focus on critical stages. This flexibility, combined with our global vision, helps to establish trustful and long-lasting relationships with our clients. Our partners value our training and e-learning resources, which enable all stakeholders to understand the importance of operational resilience and information technology.

Summary 

Effective January 2025, Luxembourg asset servicers must comply with the DORA Regulation, which mandates enhanced digital resilience in response to increasing cybersecurity demands. The implementation of DORA presents a challenge that is often underestimated by asset servicers, including navigating third-party IT management complexities, securing critical cybersecurity talent, and aligning compliance efforts with organizational scale and risk.
