22nd November 2023 | Press Releases

DORA set to drive significant change in sell-side Third Party Risk Management

Third-Party Risk Management in the Time of DORA is free to read. To download your copy visit https://www.acuiti.io/third-party-risk-management-in-the-time-of-dora

London – 22 November 2023: Firms across the sell-side are making significant changes to how they approach third-party risk management to meet the requirements of the EU’s Digital Operational Resilience Act (DORA), a new study from Acuiti has found.

Third-Party Risk Management in the Time of DORA, which was released today and produced in partnership with Compass Partners, is based on a survey of executives at 106 firms predominantly from the sell-side. The report analyses the challenges that firms will face in meeting the requirements of DORA.

The study found that the complexity of third-party risk management has increased dramatically over the past three years, driven by evolving regulation and the increased risk of cyber-attacks.

DORA is the most significant new regulation that firms are facing with regard to third-party risk management (TPRM), and over nine in 10 sell-side respondents said that they will have to make major changes to how they manage third-party risk to meet the requirements.

These changes are focused on how firms map, monitor and manage third-party relationships. Significant changes under DORA include the requirement to have exit strategies in place for critical vendors, something that only 17% of sell-side respondents currently had in place, and the mapping of Nth party relationships, something that only 39% of respondents currently did.

DORA is set to redefine how financial firms interact with their third-party suppliers. The regulation is intended to ensure that firms have the operational resilience to deal with cyber-attacks and other issues threatening the operations of their information and communications technology stacks.

DORA will apply to over 20,000 EU regulated entities and has an extra-territorial impact for any firms with operations or activities in the EU. For executives overseeing third-party risk management, DORA is the latest in a web of guidelines and regulation that is exponentially increasing the complexity of the role.

For many firms, especially those on the buy-side, such as hedge funds and proprietary trading firms, DORA will be an entry point into formalised third-party risk management.

As part of the study, Acuiti surveyed its asset management and proprietary trading networks on their levels of awareness and the challenges they face in adopting DORA.

For proprietary trading executives, the challenge was one of awareness, with 80% of respondents based in the EU or the UK saying that they were either unaware of DORA or were not impacted by it. As DORA applies to all MiFID II regulated firms, many of these firms will be in scope.

Other key findings include:

  • The top challenges firms are facing in preparing for DORA include the operational resources required, the criteria to analyse threats, and getting information from vendors
  • While a majority of sell-side firms already map third-party relationships across their firm, the number that map Nth party relationships, a key element of DORA, is much lower
  • Few firms currently meet the full requirements of DORA, with exit strategies for critical vendors and the frequency of reviews of third-party relationships identified as key areas of weakness
  • Almost 90% of firms are increasing investment in third-party risk management to meet the requirements of DORA and other regulations and many are considering outsourcing management and compliance on a managed service basis

“With little over a year until implementation, there is significant work to be done by firms across the market to be ready for DORA,” says Will Mitting, founder of Acuiti.

“Currently, the operational resources required to meet the requirements of DORA are the biggest challenge facing most firms in the market in terms of their preparations for compliance. The industry will need to work together with vendors to streamline processes such as information requests in order to reduce the operational burden.”

“Compass Partners are delighted to partner with Acuiti on this topic,” says Neil McDonald, Managing Partner at Compass Partners. “The data shows that a lot of firms are unprepared for DORA, and also face significant challenges in ensuring fit for purpose processes and framework as well as a functional target operating model. As always, data quality and system feeds ensuring accurate mapping will also be a key challenge. Understanding 4th parties and associated risks, substitutability of critical vendors and testing of exit strategies will also add pressure points and complexity, stretching already limited resource. Compass Partners can help firms navigate these challenges and ultimately ensure regulatory compliance and best in class vendor management.”

Download full report here: https://www.acuiti.io/third-party-risk-management-in-the-time-of-dora



For more information, contact Nastja Konic at Acuiti

Tel.: +44 (0) 203 998 9190

Email: nastjakonic@acuiti.io

About Acuiti

Acuiti is a management intelligence platform designed to provide Senior Industry Professionals in the Derivatives Industry with high-value insight into industry-wide performance and business operations. Acuiti provides a platform through which our exclusive network of Senior Industry Executives can share and source information on day-to-day operational challenges, providing them and their management teams with increased transparency and in-depth analysis to make more informed decisions and benchmark company performance. Financial Institutions benefiting from our services include Banks, Non-bank FCMs, Brokers, Proprietary Trading Firms, Hedge Funds and Asset Managers.

About Compass Partners

Compass Partners is a boutique Managed Services Provider offering a comprehensive and outsourced approach to managing and supporting specific functions, processes, or systems with a focus on Operations, Risk Management and AML/KYC. In addition, we offer collaborative consultancy services to assist our clients in meeting their challenges and goals in what is a constantly evolving market. The founding partners have combined over 40 years of experience in the Global Financial Markets specialising in TPRM, On-boarding, Trade Processing & Reconciliations, Customer Support, Business Development and Project Management.