How Support PFSs can support financial institutions in their compliance journey
On November 18th, 2024, Finance & Technology Luxembourg (FTL) hosted its Annual Conference under the theme “Support PFSs in the Context of DORA: Opportunities and Challenges.” The event brought more than 100 participants and key stakeholders to discuss the implications of the Digital Operational Resilience Act (DORA) on Luxembourg’s financial sector.
Getting ready for DORA
Gilles Roth, Minister of Finance, officially opened the conference and outlined the critical importance of the DORA. Designed to standardize ICT risk management across the European financial sector, DORA aims to ensure that institutions, regardless of size, can withstand and recover from disruptions like cyberattacks. Minister Roth added that “the country’s financial ecosystem is well-prepared to integrate the regulation’s requirements”.
Ana Maria Fimin of the European Commission (DG FISMA) then provided a detailed explanation of these obligations and their potential impact. She first explained that DORA establishes “a uniform approach to digital resilience, closing gaps in preparedness across EU member states”. The expert then went through the different key requirements for financial institutions, from ICT Risk Management and Incident Reporting to Resilience Testing and Third-Party Oversight. She concluded on the importance of timely compliance, urging financial institutions to begin adapting now to avoid risks of non-compliance, including reputational damage and regulatory penalties.
Supporting companies in their compliance journey
Jean-François Terminaux, Chairman of FTL, elaborated on the strategic role of PFS (Professional of the Financial Services) entities in helping financial institutions comply with evolving regulations. “They play an essential role in the financial ecosystem by offering services such as IT management, compliance assistance, and operational support,” he added.
He then highlighted that there are 60 Support PFS companies in Luxembourg, and that they are particularly well-suited to assist with DORA because of their existing expertise in IT security, risk management, and compliance frameworks.
Balancing the DORA challenges and opportunities
Anne-Sophie Morvan (FTL Board Member, next to her activities at LUXHUB), Cécile Gellenoncourt (CSSF), Christophe Peltot (Kyndryl Luxembourg) and Lars Weber (Spuerkeess) took part in a panel discussion moderated by Nastassia Salash (Deloitte).
Cécile Gellenoncourt stressed the importance of collaboration between regulators, financial institutions, and third-party ICT providers. She pointed out that “achieving compliance is not just about meeting requirements but also about fostering a culture of resilience and innovation”.
Lars Weber provided insights into how traditional banks are adapting to the demands of digital resilience. He highlighted the importance of balancing compliance with customer-centric innovation, ensuring that operational changes enhance, rather than disrupt, service quality.
Anne-Sophie Morvan highlighted the growing demand from international clients in terms of cooperation in the context of due diligence exercises and contractual alignment with EBA guidelines and more recently DORA, which offers a unique positioning for Luxembourgish Support. Additionally, she mentioned that a comprehensive requirements list had been distributed to FTL members, offering a side-by-side comparison of the obligations under DORA and those specified in CSSF Circular 22/806. She also encouraged Support PFS to reach out to their clients and offer template addendums for contracts emphasized that by taking this initiative, Support PFS can position themselves as proactive partners to their clients, fostering trust while expediting compliance. Both Anne-Sophie Morvan and Lars Weber then both insisted that obliged entities expect the vendors to help in this journey. “That is, on the one hand, definitely a competitive advantage to be proactive and on the other hand, a big risk for customer relationship in case of lack of reactivity, since DORA compliance is a responsibility of the management”, they added.
Christophe Peltot discussed the complexity of integrating new systems and processes to meet DORA’s requirements. He emphasized the need for robust governance structures and strategic planning to ensure a seamless transition.
The panelists acknowledged that complying with DORA presents challenges—such as higher costs and increased scrutiny—but also opens doors to enhanced trust and market differentiation. A live poll among attendees revealed a 50/50 split in perception, with half viewing DORA as a challenge and the other half seeing it as an opportunity. 77% of participants also indicated that they intend to draft DORA Addendums.
The conference highlighted the unique strengths of Luxembourg’s financial ecosystem, particularly the Support PFS in enabling financial institutions to navigate complex regulatory landscapes. With DORA set to transform the industry, institutions must act proactively, leveraging the expertise of Support PFS and innovative technologies to not only meet compliance requirements but also gain a competitive edge.