What will the proposal for a Digital Operational Resilience Act (DORA) bring to the Financial Sector

Location Webinar, Virtual event, CPE Circuit, EY Connect Learning, EY Malta

Time 10:00 - 11:00

Who Should Attend?

This session is relevant to Information Security Officers (ISOs), Internal Audit, Risk Management officials, Heads of IT, IT managers and similar roles in the financial sector.

Introduction

In these uncertain times, where many businesses are transitioning from physical to virtual operations and most people are working remotely, financial entities have seen their dependency on Information and Communication Technologies (“ICT”) increase. The current environment has also drawn more attention to the considerable business impact that ICT risks pose. The number and aggressiveness of cyber threats have been growing steadily; in fact, the European Union Agency for Cybersecurity (“ENISA”) has reported a rise in phishing, identity theft and ransomware.

The European Commission has been strengthening the financial resilience of the EU financial sector, adopting measures aimed at increasing the capital resources and liquidity of financial entities and reducing market and credit risks. In this context, and after consultation, the digital finance package adopted by the European Commission on 24 September 2020 includes a digital finance strategy and legislative proposals on crypto-assets and digital operational resilience.

As part of that package, the Commission proposed a financial services Digital Operational Resilience Act (“DORA”). DORA will introduce, inter alia, new regulatory and supervisory mandates in respect of critical ICT third-party providers, harmonised rules for digital operational resilience testing, harmonised ICT-related incident classification and reporting, and harmonised ICT risk management rules. Many market participants will be affected by DORA, including traditional financial sector entities such as credit institutions, stock exchanges and clearing houses, UCITS management companies, alternative investment fund managers (“AIFMs”), insurance companies, payment institutions and electronic money institutions, as well as crypto-asset service providers, issuers of crypto-assets and issuers of asset-referenced tokens.

Session Outline

During this one-hour session we will address the following topics:

  • What is DORA?
  • Requirements for compliance with DORA
  • Synergies with existing relevant regulations

Registration fee 

This is a free event.

Speaker

Joseph P. Galea | Director | Business and Technology Risk Consulting

Joseph specialises in the profiling service line and has over 30 years’ experience. His technical expertise is a sound combination of engagements across a range of service lines, including IT compliance audits both locally and abroad, internal audits, cybersecurity risk assessments and operational ICT experience covering IT general controls, IT transformation programmes and business continuity planning.


Aggeliki Delga | Senior Manager | Technology Consulting

Aggeliki is a Senior Manager within EY Greece’s Advisory Practice. She has more than 10 years of experience in the identification, assessment and management of cybersecurity risks and in the implementation of realistic enterprise transformation programmes to establish sound corporate governance. She has conducted cybersecurity and privacy compliance engagements for global organisations and has designed multi-year roadmaps to guide the implementation of cybersecurity compliance and transformation strategies and culture change initiatives across their global operations, including information security and data protection awareness and training programmes.

Karen Massa | Manager | Business and Technology Risk Consulting

Karen is a Manager in the Malta office who joined Ernst & Young in 2014. She is a Certified Information Systems Auditor (CISA) and is in the process of obtaining the Certified Information Security Manager (CISM) certification. Karen holds the ISO 27001 Lead Auditor certification as well as certifications relating to GDPR. She has spent a number of months seconded to the UK to participate in engagements relating to cybersecurity and anti-money laundering. Karen has delivered various training sessions on information security to participants from different sectors as well as to internal participants; this training has also covered anti-bribery and corruption, in collaboration with other EY colleagues.