厙惇勛圖

Home   News   Features   Interviews   Magazine Archive   Symposium   Industry Awards  
Subscribe
厙惇勛圖
Leading the Way

Global 厙惇勛圖 Finance News and Commentary
≔ Menu
厙惇勛圖
Leading the Way

Global 厙惇勛圖 Finance News and Commentary
News by section
Subscribe
⨂ Close
  1. HomeRegulation news
  2. DORA to drive significant change to TPRM, says Acuiti
Regulation news

DORA to drive significant change to TPRM, says Acuiti


22 November 2023 UK
Reporter: Sophie Downes

Generic business image for news article
Image: Quardia Inc.
Sell-side firms are making 'significant changes' to how they approach third-party risk management (TPRM) to meet the requirements of the EUs Digital Operational Resilience Act (DORA), according to an Acuiti study.

Third-Party Risk Management in the Time of DORA was produced in partnership with Compass Partners and is based on a survey of executives from 106 different firms, predominantly from the sell side.

According to the survey, more than nine in 10 sell-side respondents reported that they will have to make major changes to how they manage third-party risk to meet the requirements of DORA a new regulation that firms are facing with regards to TPRM. These changes are focused on how firms map, monitor and manage third-party relationships.

DORA is intended to ensure that firms have the operational resilience to deal with cyber-attacks and other issues threatening the operations of their information and communications technology stacks.

The regulation will apply to more than 20,000 EU regulated entities and has an extra-territorial impact for any firms with operations or activities in the EU.

For a number of firms, especially those on the buy side, such as hedge funds and proprietary trading firms, DORA will be an entry point into formalised third-party risk management, says Acuiti.

Some of the most significant changes under the new regulation include the requirement to have exit strategies for critical vendors currently only 17 per cent of sell-side respondents have this in place.

Another change facing firms in scope for DORA include the mapping of nth party relationships; only 39 per cent of survey respondents currently complete this activity.

Other key challenges faced by firms include the operational resources required to comply with DORA, the criteria to analyse threats and receiving information from vendors.

Neil McDonald, managing partner at Compass Partners, says: The data shows that a lot of firms are unprepared for DORA, and also face significant challenges in ensuring fit for purpose processes and framework as well as a functional target operating model.

As always, data quality and system feeds ensuring accurate mapping will be a key challenge. Understanding fourth parties and associated risks, substitutability of critical vendors and testing of exit strategies will also add pressure points and complexity, stretching already limited resources.

Acuiti founder Will Mitting comments: With little over a year until implementation, there is significant work to be done by firms across the market to be ready for DORA.

The industry will need to work together with vendors to streamline processes such as information requests to reduce the operational burden.
NO FEE, NO RISK
100% ON RETURNS If you invest in only one securities finance news source this year, make sure it is your free subscription to 厙惇勛圖 Finance Times
Advertisement
Subscribe today
Knowledge base

Explore our extensive directory to find all the essential contacts you need

Visit our directory →
Glossary terms in this article
→ Hedge

Discover definitions, explanations and related news articles in our glossary

Visit our glossary →