DORA Draft RTS on Risk Management Framework

The European Union's Digital Operational Resilience Act (DORA) seeks to standardize ICT risk management in finance. AFME, representing major financial market players, advocates for flexibility, noting existing frameworks often align with DORA's goals.

EU Regulatory Compliance in Financial Risk Management

DORA Draft RTS on Risk Management Framework: Examining AFME's Response and Implications for Financial Markets


The Association for Financial Markets in Europe (AFME) has recently submitted its response to the draft Regulatory Technical Standard (RTS) under the Digital Operational Resilience Act (DORA) initiative by the European Union. The DORA RTS aims to harmonise Information and Communication Technology (ICT) risk management tools, methods, and policies across the EU. AFME, representing a broad array of European and global participants in the wholesale financial markets, has provided detailed feedback on the draft RTS.

One of the key points raised is the need for firms to be allowed to demonstrate compliance with DORA through their existing risk management policies. AFME argues that the proposed requirements under the Risk Management Framework (RMF) are, in many cases, already incorporated across various corporate policies and procedures. Therefore, compelling firms to create new standalone DORA policies would not add value.

Additionally, AFME advocates for a more flexible and proportionate approach, arguing that firms are often best placed to implement the supervisors' aims and intentions. This includes greater flexibility in areas such as ICT project and change management, as well as the frequency of IT security awareness training.




AFME's Insightful Response to EU's DORA RTS


In a digital age defined by constant evolution, the European Union's foray into enhancing ICT risk management in the financial sector has garnered significant attention. Their initiative, the Digital Operational Resilience Act (DORA), is designed to create a harmonized approach to Information and Communication Technology (ICT) risk management tools, methods, and policies. As the EU lays down its draft Regulatory Technical Standard (RTS) for DORA, industry giants like the Association for Financial Markets in Europe (AFME) are stepping in to provide a well-articulated perspective.


Representing a diverse spectrum of both European and global participants in the wholesale financial markets, AFME's feedback on the draft RTS sheds light on the complexities of digital resilience in financial systems. Their primary argument revolves around the principle of redundancy: many firms already have risk management frameworks in place that encapsulate the essence of DORA's proposed requirements. Hence, forcing these institutions to sculpt new, standalone DORA policies might lead to unnecessary duplications and added administrative burdens.


Yet, the core of AFME's stance gravitates towards the need for flexibility. They advocate for a more tailored approach, allowing institutions to adapt to DORA's tenets based on their unique operational contexts. Such a strategy promises streamlined compliance processes, reduced overheads, and an optimization of risk management practices. This perspective, if endorsed by regulators, could redefine how firms approach DORA compliance, leveraging existing frameworks while aligning with the EU's objectives.


However, with flexibility comes potential inconsistency. A tailored approach could result in disparate interpretations of DORA's standards, posing challenges for regulatory bodies striving for uniform compliance. Addressing this would require regulators to be both meticulous and proactive, developing detailed guidance and taking a vigilant role in overseeing DORA's implementation.


AFME's call to arms doesn't end here. They envisage a future where regulatory frameworks are mapped collaboratively, eliminating overlaps and introducing a holistic approach to financial regulations. Such a future, while promising streamlined regulations, also demands unprecedented coordination among the myriad regulatory entities.


In summary, as the European financial sector sets its course through the digital resilience waters, navigational cues from stalwarts like AFME can ensure a journey that's both efficient and harmonized. For institutions, stakeholders, and regulators, understanding these insights and adapting accordingly will be paramount in this digital era.




The Association for Financial Markets in Europe (AFME) is the voice of Europe’s wholesale financial markets. We represent the leading global and European banks and other significant capital market players.



