Topical conferences

OUTSOURCING: DORA, impacts, IT & security

Operational Risk Management

26 March 2025, Remote, Luxembourg
Ref: 26402G

10 % (excl. VAT) discount on each registration received by 31 January 2025 (code EARLY10)

The DORA (Digital Operational Resilience Act) regulation, whose impact is comparable to that of GDPR on data protection, has become a benchmark for managing operational risks and overseeing outsourcing in the financial and insurance sectors.
More than just a regulatory evolution, it represents the emergence of a new standard, placing digital resilience at the core of corporate strategic priorities.

This unique event, led by renowned experts, offers an in-depth exploration of the challenges and impacts of this regulation, effective since January 2025.

Under the leadership of Sylvain Aubry (Global Head AML TA Operations at CITI), participants will gain practical insights and strategic guidance to navigate these new requirements effectively.

Key topics of the day include:

  • CSSF Expectations: Circular 22/806, outsourcing, and digital resilience.
  • Managing Outsourcing Contracts: Clause compliance, security, reversibility, and handling global service providers.
  • Optimizing long-term relationships with providers: meeting DORA accountability and digital resilience requirements (panel discussion).
  • Cybersecurity and cloud challenges: managing sensitive outsourced data.
  • Practical insights and sector-specific recommendations: navigating DORA obligations.
  • How to Achieve Holistic Outsourcing Management?
  • Technological perspectives: the role of innovation in achieving regulatory compliance.

Don’t miss this opportunity to anticipate how DORA will impact your practices and embrace this new standard!

Speakers

Amélie BRY
ABILWAYS LUX

Vincent WELLENS
Avocat à la Cour
NautaDutilh Avocats Luxembourg

Jean DIEDERICH
Partner
FINEGAN

Franck ROESSIG
TELINDUS / Proximus Group

Julien WINKIN
Managing Partner - Owner - DPO of the year
LuxGap

Sylvain Aubry
Chief Compliance Officer
Mitsubishi UFJ Investor Services & Banking

Rainer GROSSHANS
Senior Vice President - Head of Legal Department
MITSUBISHI UFJ INVESTOR SERVICES & BANKING

Karim BOUAISSI
Consulting, Cyber and Digital Risk
EY

Nicolas HAMBLENNE
Counsel - Avocat à la Cour, Luxembourg Bar
PWC Luxembourg

Antonin JAKUBSE
Senior Manager Advisor Insurance - Financial Services
PWC Luxembourg

Xiaoyi FANG
Senior Manager Regulatory - Financial Services
PWC Luxembourg

Michael Horvath
Partner | Regulatory & Sustainability Services
PwC

Objectives
  • Master the latest amendments to the DORA regulations
  • Incorporate CSSF recommendations into your practice
  • Anticipate the practical issues arising from the implementation of the new requirements

Audience
  • Compliance officers
  • AML officers in banks, insurance companies, investment funds
  • Heads of compliance
  • Compliance analysts
  • Heads of legal
  • Lawyers
  • Head of Strategy & Innovation
  • Director of KYC
  • Head of transaction monitoring
  • Head of banking
  • Security/Privacy Managers
  • Data Protection Officers
  • Chief Privacy Officers
  • MOA consultant
  • IT
  • Service provider
  • Middle and back office
  • Head of security
  • Head of back office
  • Auditors

Programme
Outsourcing: DORA, impacts, IT & security

Sylvain AUBRY
Global Head AML TA Operations
CITI

REGULATORY FRAMEWORK AND OBLIGATIONS


Regulatory Overview of Outsourcing: Before and After DORA

  • Presentation of Outsourcing Rules: EBA/ESMA guidelines (including CSSF Circular 22/806) in relation to DORA, with a focus on third-party provider management.
  • Study of the Intersection with the EDPB Opinion on Subcontracting.
  • EBA/ESMA Directives

Vincent WELLENS
IP & TECH partner
NautaDutilh

Practical Insights: Managing Outsourcing Contracts

A session focused on real-world challenges and actionable solutions to ensure compliance with DORA requirements.

  • Contractual Clause Compliance
  • Field Experience on Contractual Challenges:
    • Negotiating with international vendors, particularly large technology companies, often reluctant to adapt their standard contracts to meet DORA requirements.
    • Aligning contracts across stakeholders to guarantee full compliance with DORA obligations.

A session packed with practical examples, tools, and best practices to tackle the legal and operational hurdles posed by DORA.

Rainer GROSSHANS
Senior Vice President
Head of Legal Department
Mitsubishi UFJ Investor Services & Banking (Luxembourg) S.A.


Panel & interactive quiz

  • Practical Perspectives and Strategic Challenges
  • Optimizing Long-Term Relationships with Providers
  • Aligning Internal Practices with DORA Requirements

The Role of Technology in Managing DORA Obligations

Moderator
Sylvain AUBRY

Panelists
Frank ROESSIG
Head AI Solutions
Proximus Luxembourg S.A

Jean DIEDERICH
Partner
FINEGAN

Michael HORVATH
Partner
Regulatory & Sustainability Services
PWC

PRACTICAL INSIGHTS

Holistic Management of Outsourcing: Compliance and Efficiency

  • How to manage outsourcing partners under the shared and specific requirements of NIS, GDPR, and DORA:
    What are the key considerations?
  • Key focus areas: Securing contracts, risk assessment, and supplier monitoring
  • Practical strategies: How can organizations ensure compliance while minimizing legal and operational risks?
  • Case study and practical tools: A real-world example showcasing best practices, followed by a final checklist to effectively integrate these principles into your governance framework

Julien WINKIN
Managing Partner
External DPO & CISO
LUXGAP


Key considerations for continuous monitoring of your Service Providers

  • Regulatory updates (focus on the insurance sectors)
  • Contractual aspects (including DORA impacts)
    • What contractual mechanisms can be considered to effectively monitor service providers?
    • Main challenges and advice on the negotiation of KPIs
    • Recommendations in case of underperformance against the agreed KPIs
  • Operational aspects (including DORA impacts)
    • Governance: roles and responsibilities, specifically in a group set-up
    • Guidance on continuous monitoring practices for third-party vendors (Group vs. third-party vendors)
    • What are the specific challenges for non-EU IT providers regarding data protection?

Nicolas HAMBLENNE
Counsel
Avocat à la Cour, Luxembourg Bar
PwC Legal

Antonin JAKUBSE
Senior Manager Advisor Insurance
Financial Services
PWC Luxembourg

Xiaoyi FANG
Senior Manager Regulatory
Financial Services
PWC Luxembourg

State of Play and Outlook on ICT Outsourcing under DORA and CSSF Circulars

  • DORA: Where Do We Stand Since the Application Date of January 17, 2025?
    • Analysis of Key Obligations for Entities Subject to DORA, including the Compliance of ICT Registers and Reporting to the CSSF.
  • CSSF Circulars on Outsourcing: Updates and Practical Implications
    • Focus on Circular 22/806 and its Harmonization with DORA
    • Where Do We Stand on Circular Updates, and What Will Be the Impact on Financial Entities?
  • Deadlines and Coordination Between CSSF and ESAs: Preparing for the 2025 Deadlines
    • Discussion on CSSF Obligations and Supervised Entities, including the Transfer of Registers to ESAs by April 30, 2025, and Best Practices for Preparation.

Karim BOUAISSI
IT Risk & Assurance
Partner
EY Luxembourg Consulting

Last updated: 14/01/2025