The European Supervisory Authorities (ESAs), which comprise the EBA, EIOPA and ESMA, have announced that they will undertake a voluntary dry run exercise starting in May. The exercise is designed to prepare financial entities for the implementation of reporting requirements outlined in the Digital Operational Resilience Act (DORA).
Under DORA, starting from 17 January 2025, financial entities must maintain registers of information concerning the contractual use of third-party service providers for information and communication technology (ICT). The upcoming dry run exercise will gather this information from financial entities via their national competent authorities (NCAs).
Participating financial entities will receive support from the ESAs to build their register of information in a format as close as possible to the steady-state reporting from 2025. They will get the opportunity to test the reporting process and to address data quality issues. According to the factsheet “Dry run to prepare for DORA”, the participants will also get support from the ESAs to improve internal processes.
As part of the exercise, the European Banking Authority (EBA), the European Insurance and Occupational Pensions Authority (EIOP) and the European Securities and Markets Authority (ESMA) will “provide feedback on data quality to financial entities participating, return cleaned files with their register of information, organise workshops and respond to frequently asked questions”.
The ad-hoc data collection is scheduled to launch in May. Financial entities are expected to submit their registers of information to the ESAs through their NCAs between 1 July and 30 August.