DORA implementation for e-money and payment service providers

The EMA is launching a working group on digital operational resilience for e-money issuers and payment service providers (“DORA 2024“).

The DORA regulation, directive and numerous RTS, ITS and guidelines will apply from January 2025. We will be working together to implement DORA within the EMI and PI business and be ready for this deadline. 

DORA 2024 working group sessions form part of the EMA’s compliance support track for members and will be purely practical in nature. Documents, checklists, templates etc. will be provided to attendees. 

The sessions take a holistic approach to DORA by covering implementation from operational resilience, legal and compliance perspectives. The sessions are led by experienced IT security and operational resilience professionals as well as lawyers and compliance professionals. 

The DORA working group will run for eight sessions as follows: 

  • SESSION 1: What should I be doing right now? 
  • SESSION 2: Assessing the current state of operational resilience
  • SESSION 3: Developing a Governance, Risk and Compliance Framework
  • SESSION 4: Developing an ICT Risk Management Framework 
  • SESSION 5: Establishing a programme for ongoing compliance
  • SESSION 6: Data Breach! Cyber Attack! Developing an Incident Management Framework
  • SESSION 7: Managing ICT Third Party Provider risk – Critical providers
  • SESSION 8: Managing ICT Third Party Provider risk – Establishing the register and drafting the contract

Working group sessions are open to members of the EMA. If you would like to join the EMA and attend this working group, please contact us.