David Morrison, global head of trustee & fiduciary services at Citi Securities Services, discusses DORA’s impact on asset management firms.
As part of its coverage of Sibos 2022 in Amsterdam, Funds Europe reached out to financial experts on key topics at the conference.
Can you highlight a piece of regulation at the European level that is most impactful for asset managers in terms of their technology governance or development?
The Digital Operational Resilience Act (DORA) will probably have the most immediate and wide-ranging impact on asset management firms.
Through DORA, the European Commission aims to minimise the impact of the potential systemic risk arising from increased outsourcing practices and ICT third-party concentration, with firms subject to strict requirements intended to protect against, and recover from, third-party ICT-related incidents.
Covering, for example, minimum standards on what should be contained in contracts with ICT third parties, operational resilience and cybersecurity testing, including threat-led penetration testing for significant financial entities, and the establishment of a Europe-wide information exchange for firms to share intelligence on cyber threats, DORA will require firms to dedicate significant resources to operational risk.
Although the proportionate nature of DORA’s implementation will mean smaller firms may be exempt or subject to a lighter framework, all asset managers must be prepared to invest in their outsourcing oversight and governance.
© 2022 funds europe