In September 2024, Derisk Advisory joined forces with DSM Avocats à la Cour to host a webinar on DORA’s implications for Luxembourg financial institutions.
Our principal consultant’s presentation focused on unpacking the regulation’s six core pillars, with particular emphasis on ICT risk management, incident reporting, third-party oversight, and resilience testing. The session provided practical insights into establishing robust internal governance frameworks, assigning responsibilities across management bodies, and implementing a three-line defense model to ensure compliance and operational resilience.
Key topics included strategies for developing and maintaining a comprehensive ICT risk management framework, early adoption of CSSF-mandated incident reporting requirements, and advanced resilience testing programs like TIBER. The presentation also addressed DORA’s expanded oversight of third-party ICT providers, highlighting the need for detailed registers and compliant contractual arrangements. Practical recommendations were shared, including forming dedicated DORA task forces, mapping ICT dependencies, and prioritizing compliance roadmaps to meet the January 2025 deadline.
Watch the replay to gain actionable insights and prepare your organization for the challenges and opportunities presented by DORA.