Digital Operational Resilience Act (DORA) - CSSF compliance preparation survey for investment fund managers

On 3 April, the CSSF sent a DORA compliance preparation survey to a number of investment fund managers, to be completed and returned by 15 June 2023.

06/04/2023

For each of the five DORA pillars, the CSSF survey asks whether the IFM has conducted a gap analysis, enquires about the gaps identified and asks whether mitigation plans are already in place or intended to be put in place, as well as the planned timeline for implementation. The CSSF also requests IFMs to self-assess their level of DORA readiness.

In force since 16 January 2023, DORA creates a regulatory framework on digital operational resilience whereby European financial entities are required to ensure they can withstand, respond to and recover from all types of ICT-related disruptions and threats. DORA deals with a wide range of operational resilience topics, divided into 5 pillars:

 

  • ICT risk management
  • ICT-related incident management, classification and reporting
  • Digital operational resilience testing
  • Managing of ICT third-party risk
  • Information-sharing arrangements

 

The DORA rules will become fully applicable as from 17 January 2025. The designated European Supervisory Authorities are currently developing technical standards with which financial entities must comply, whilst national competent authorities will oversee compliance and enforce the regime as required.

 

DORA applies to a range of financial entities regulated at EU level. This includes most credit institutions, payment institutions, electronic money institutions, investment firms, managers of alternative investment funds and management companies, as well as insurance and reinsurance undertakings and intermediaries. Microenterprises are also within scope of DORA, subject to specific provisions. DORA also applies to ICT third-party service providers of digital and data services, including providers of cloud computing services, software, data analytics services and data centres.

 

Contact our experts Bénédicte d’Allard and Astrid Wagner if you need assistance with completing the CSSF survey or you wish to conduct a DORA gap analysis.


To learn more about DORA implementation steps, click here_

Read our previous Newsflash to learn more information about DORA here_

related documents
Luxembourg Newsflash - Di...
pdf - 155.07 KB

Contacts

Bénédicte d’Allard

Senior Manager

Regulatory & Consulting

Astrid Wagner

Partner

IP, Communication & Technology, Corporate Law, Mergers & Acquisitions

05/04/2023
New legislation: criminal penalties doubled for intention to discriminate
22/04/2024
Exploring the synergy: VAT and transfer pricing

YOU MIGHT ALSO WANT TO DISCOVER

24/04/2024
Arendt advised Thoma Bravo in the context of the acquisition of Compliance Specialist EQS

Arendt advised Thoma Bravo, a leading private equity firm, as manager and/or advisor of certain funds in the context of the acquisition of EQS Group AG, a leading international cloud software provider in the areas of corporate compliance, investor relations and ESG.

Read More_

How can we help you?

0 result

Our expertise 0 result

Our people 0 result