“As part of the exercise, the ESAs will provide feedback on data quality to financial entities participating, return cleaned files with their register of information, organise workshops and respond to frequently asked questions,” stated the press release from European Banking Authority, announcing a dry run in preparation of Dora, referring to European supervisory agencies. Photo: Shutterstock

“As part of the exercise, the ESAs will provide feedback on data quality to financial entities participating, return cleaned files with their register of information, organise workshops and respond to frequently asked questions,” stated the press release from European Banking Authority, announcing a dry run in preparation of Dora, referring to European supervisory agencies. Photo: Shutterstock

Three European supervisory authorities announced a joint ‘dry run’ from 1 July to 30 August for financial entities to prepare for Dora compliance. The focus will be on data quality, reporting processes and internal improvements.

The financial landscape in Europe is set to undergo significant changes with the impending implementation of the Digital Operational Resilience Act on 17 January 2025. As in a press release on Thursday 11 April 2024 from three European supervisory authorities--the European Banking Authority (EBA), European Insurance and Occupational Pensions Authority (Eiopa), and the European Securities and Markets Authority (Esma), financial entities within the scope of Dora will be required to maintain a comprehensive register of their contractual arrangements with information and communication technology (ICT) third-party service providers.

According to the press statement, financial entities must have these registers available at entity, sub-consolidated and consolidated levels. The purpose of these registers, as specified in the draft implementing technical standards (ITS) developed by the ESAs, is threefold: to allow financial entities to monitor their ICT third-party risk, to enable EU competent authorities to supervise ICT and third-party risk management at these entities, and to aid the ESAs in designating critical ICT third-party service providers for EU-level oversight.

Dry run

To facilitate compliance with these requirements, the ESAs and competent national authorities will conduct a dry run in 2024 on a best-efforts basis. The dry run aims to assist financial entities in preparing their registers of information by providing them with support to build these registers, test the reporting process, address data quality issues and improve internal processes related to the registers.

Financial entities will receive a draft data point model (DPM) from the ESAs by the end of May 2024, along with specifications, instructions, an Excel-based template and a tool for converting the templates into CSV files. These tools will help financial entities prepare their registers according to ESAs’ specifications.

Timeline

The dry run timeline, as outlined by the ESAs, includes key milestones such as an introductory workshop for financial entities on 30 April, the availability of materials and tools by 31 May, workshops with participating entities and competent authorities in June and July, data collection from 1 July to 30 August, data cleaning and quality checks until 31 October, and feedback sessions thereafter.

Participating financial entities will receive feedback on their data quality and a cleaned register of information dataset from their competent authority. The ESAs will also publish a report on data quality observations and organise workshops to share findings with the industry.

Financial entities are encouraged to declare their participation in the dry run by reaching out to their competent authorities before 31 May 2024. The communication flow during the dry run and for future reporting will be through competent authorities, as per Dora requirements.

For the introductory workshop on 30 April, interested parties can register by 25 April 2024 using this .

Related articles