The Digital Operational Resilience Act (hereinafter: DORA) has been discussed for quite some time. At the latest when the regulation is published at the end of December 2022, financial companies and third-party service providers will have to start implementing the requirements in time for the 2025 entry into force.
A good organizational structure and its documentation form the basis, while an efficient IT strategy provides the direction of travel.
When it comes to compliance issues, the question is usually where to start, where to stop?
Cyber risks and IT security are increasingly in the focus of supervision with new technologies on the rise. Consequently, the German Federal Financial Supervisory Authority (BaFin) published its Insurance Supervisory Requirements for IT (VAIT) on March 3, 2022, thus bringing them into force.