Digital Operational Resilience Act (DORA) - CSSF compliance preparation survey for investment fund managers

On 3 April, the CSSF sent a DORA compliance preparation survey to a number of investment fund managers, to be completed and returned by 15 June 2023.

06/04/2023

For each of the five DORA pillars, the CSSF survey asks whether the IFM has conducted a gap analysis, enquires about the gaps identified and asks whether mitigation plans are already in place or intended to be put in place, as well as the planned timeline for implementation. The CSSF also requests IFMs to self-assess their level of DORA readiness.

In force since 16 January 2023, DORA creates a regulatory framework on digital operational resilience whereby European financial entities are required to ensure they can withstand, respond to and recover from all types of ICT-related disruptions and threats. DORA deals with a wide range of operational resilience topics, divided into 5 pillars:

 

  • ICT risk management
  • ICT-related incident management, classification and reporting
  • Digital operational resilience testing
  • Managing of ICT third-party risk
  • Information-sharing arrangements

 

The DORA rules will become fully applicable as from 17 January 2025. The designated European Supervisory Authorities are currently developing technical standards with which financial entities must comply, whilst national competent authorities will oversee compliance and enforce the regime as required.

 

DORA applies to a range of financial entities regulated at EU level. This includes most credit institutions, payment institutions, electronic money institutions, investment firms, managers of alternative investment funds and management companies, as well as insurance and reinsurance undertakings and intermediaries. Microenterprises are also within scope of DORA, subject to specific provisions. DORA also applies to ICT third-party service providers of digital and data services, including providers of cloud computing services, software, data analytics services and data centres.

 

Contact our experts Bénédicte d’Allard and Astrid Wagner if you need assistance with completing the CSSF survey or you wish to conduct a DORA gap analysis.


To learn more about DORA implementation steps, click here_

Read our previous Newsflash to learn more information about DORA here_

Contacts

Bénédicte d’Allard

Senior Manager

Regulatory Consulting

Astrid Wagner

Partner

IP, Communication & Technology, Corporate Law, Mergers & Acquisitions

YOU MIGHT ALSO WANT TO DISCOVER

26/05/2023
Luxembourg VAT authorities clarify VAT treatment of company cars

The newly published circular clarifies the VAT treatment set out in Circular N°807, which was published shortly after the CJEU’s decision

Read More_