European financial firms can try out a key aspect of their DORA compliance this summer. Firms should get in touch with their regulators if they want to take part.
1| DORA register of information
The EU’s Digital Operational Resilience Act will require financial entities to keep a register about their ICT arrangements with third parties. DORA does not start to apply until January 2025 but EU regulators are running an exercise this year to help firms get ready for this requirement.
The dry run exercise will allow firms to fine-tune the data in their DORA registers and test the process for reporting them to their regulators.
2| Voluntary exercise
The European Supervisory Authorities will launch the exercise in May. Firms that choose to participate can then submit their DORA registers to their national regulators between 1 July and 30 August.
Firms are invited to take part on a best-efforts basis. They will receive support to:
- build their register in the required format,
- test the reporting process,
- address data quality issues, and
- improve internal processes and quality of their registers.
Once DORA applies, registers must be maintained at entity, sub-consolidated and consolidated levels. For the dry run, firms should provide the highest level of consolidation in the EU.
Next steps
Firms should declare their interest in participating in the dry run by 31 May. They can also sign up for an introductory workshop on 30 April.
Regulators will give feedback to participating firms by the end of October. Before the end of the year the ESAs will publicly report on high-level observations about data quality and host another workshop to share general findings.