Following on from our DORA-focused discussion sessions held in November 2024, ORX hosted a virtual meeting with our members on 18 March 2025. Just over two months after the legislation came into effect, this session focused on integrating compliance activity into business-as-usual and third party risk management.
Headline findings from the session:
- Most firms agreed that they were compliant with the spirit of the legislation, although some work remains
- The focus has now shifted towards governance and embedding compliance into day-to-day activities
- Ongoing challenges are concentrated around third party risk management (TPRM), and incident management and reporting
- There is consensus that, while burdensome, DORA requirements represent best practices around resilience and TPRM
- For those operating across multiple jurisdictions, lack of global regulatory alignment on resilience remains a challenge, but taking a group-wide approach to compliance is helping build a strong foundation for compliance with current and prospective regulations