ESAs Bolster Resilience with New DORA Oversight Director


The European Supervisory Authorities (ESAs) - comprising the European Banking Authority (EBA), the European Insurance and Occupational Pensions Authority (EIOPA), and the European Securities and Markets Authority (ESMA) - have announced the appointment of Marc Andries as the Director for DORA joint oversight. This appointment marks a significant step in implementing the Digital Operational Resilience Act (DORA), a key regulation aimed at strengthening the IT security and resilience of the European financial sector.

Marc Andries, who assumed his new role on October 1, 2024, will lead the recently established joint Directorate responsible for overseeing critical third-party providers under DORA. With over three decades of experience in IT, including roles in ICT project management, oversight, and supervision, Andries brings a wealth of expertise to this crucial position.

Prior to this appointment, Andries served as Chief Inspector at Banque de France and Head of the IT Inspection Unit at the French Prudential Supervision and Resolution Authority (ACPR). His extensive background in international groups dealing with ICT risks positions him well to tackle the challenges of implementing DORA's oversight framework.

DORA: Strengthening Europe's Financial Cybersecurity

DORA, which entered into force on January 16, 2023, and will apply from January 17, 2025, represents a significant leap forward in harmonizing operational resilience rules across the European financial sector. The regulation covers a wide range of financial entities, including banks, insurance companies, and investment firms, as well as ICT third-party service providers.

Key aspects of DORA include:

  1. ICT Risk Management: Establishing principles and requirements for robust ICT risk management frameworks.
  2. Third-Party Risk Management: Enhancing monitoring of third-party risk providers and defining key contractual provisions.
  3. Digital Operational Resilience Testing: Implementing both basic and advanced testing protocols.
  4. ICT-Related Incident Reporting: Setting requirements for reporting major ICT-related incidents to competent authorities.
  5. Information Sharing: Facilitating the exchange of information and intelligence on cyber threats.
  6. Oversight of Critical Third-Party Providers: Creating a comprehensive oversight framework for critical ICT third-party providers.

The appointment of Marc Andries and the implementation of DORA reflect the growing recognition of technology's critical role in the financial sector. As financial entities increasingly rely on tech companies for service delivery, the need for robust cybersecurity measures and operational resilience has never been more pressing.

DORA aims to address these challenges by ensuring that the European financial sector can maintain stability and continuity of services even in the face of severe operational disruptions or cyber-attacks. This harmonized approach across 20 different types of financial entities and ICT third-party service providers is expected to significantly enhance the sector's overall resilience.

As the January 2025 application date approaches, financial institutions and ICT providers across Europe will be closely watching the developments under Andries' leadership. The success of DORA's implementation will be crucial in safeguarding the European financial system against the evolving landscape of digital threats and ensuring its long-term stability in an increasingly interconnected world.

The appointment of Marc Andries marks a significant milestone in Europe's journey towards a more resilient and secure financial ecosystem, setting the stage for a new era of digital operational resilience in the financial sector.
