Topical conferences

OUTSOURCING: DORA, impacts, IT & security

Operational Risk Management

26 March 2025, Remote, Luxembourg
Ref: 26402G

The DORA (Digital Operational Resilience Act) regulation, comparable in impact to what GDPR had on data protection, has become a benchmark for managing operational risks and overseeing outsourcing in the financial and insurance sectors.
More than just a regulatory evolution, it represents the emergence of a new standard, placing digital resilience at the core of corporate strategic priorities.

This unique event, led by renowned experts, offers an in-depth exploration of the challenges and impacts of this regulation, effective since January 2025.

Under the leadership of Sylvain Aubry (Global Head AML TA Operations at CITI), participants will gain practical insights and strategic guidance to navigate these new requirements effectively.

Key topics of the day include:

  • CSSF Expectations: Circular 22/806, outsourcing, and digital resilience.
  • Managing Outsourcing Contracts: Clause compliance, security, reversibility, and handling global service providers.
  • Optimizing long-term relationships with providers: meeting DORA accountability and digital resilience requirements (panel discussion).
  • Cybersecurity and cloud challenges: managing sensitive outsourced data.
  • Practical insights and sector-specific recommendations: navigating DORA obligations.
  • All the rules under Data Protection after DORA.
  • Technological perspectives: the role of innovation in achieving regulatory compliance.

Don’t miss this opportunity to anticipate how DORA will impact your practices and embrace this new standard!

Speakers
Amélie BRY
ABILWAYS LUX
Vincent WELLENS
Lawyer (Avocat à la Cour)
NautaDutilh Avocats Luxembourg
Jean DIEDERICH
Partner
FINEGAN
Franck ROESSIG
TELINDUS / Proximus Group
Julien WINKIN
Managing Partner - Owner - DPO of the year
LuxGap
Sylvain Aubry
Chief Compliance Officer
Mitsubishi UFJ Investor Services & Banking
Rainer GROSSHANS
Senior Vice President - Head of Legal Department
MITSUBISHI UFJ INVESTOR SERVICES & BANKING
Karim BOUAISSI
Consulting, Cyber and Digital Risk
EY
Nicolas HAMBLENNE
Counsel - Avocat à la Cour, Luxembourg Bar
PWC Luxembourg
Antonin JAKUBSE
Senior Manager Advisor Insurance - Financial Services
PWC Luxembourg
Xiaoyi FANG
Senior Manager Regulatory - Financial Services
PWC Luxembourg
Michael Horvath
Partner | Regulatory & Sustainability Services
PwC
Objectives
  • Master the latest amendments to the DORA regulations
  • Incorporate CSSF recommendations into your practice
  • Anticipate the practical issues arising from the implementation of the new requirements

Audience
  • Compliance officers
  • AML officers in banks, insurance companies, investment funds
  • Heads of compliance
  • Compliance analysts
  • Heads of legal
  • Lawyers
  • Head of Strategy & Innovation
  • Director of KYC
  • Head of transaction monitoring
  • Head of banking
  • Security/Privacy Managers
  • Data Protection Officers
  • Chief Privacy Officers
  • MOA consultant
  • IT
  • Service provider
  • Middle and back office
  • Head of security
  • Head of back office
  • Auditors

Programme
Outsourcing: DORA, impacts, IT & security

Sylvain AUBRY
Global Head AML TA Operations
CITI

REGULATORY FRAMEWORK AND OBLIGATIONS


Regulatory Overview of Outsourcing: Before and After DORA

  • Presentation of Outsourcing Rules: EBA/ESMA guidelines (including CSSF Circular 22/806) in relation to DORA, with a focus on third-party provider management.
  • Study of the Intersection with the EDPB Opinion on Subcontracting.
  • EBA/ESMA Directives

Vincent WELLENS
IP & TECH partner
NautaDutilh

Practical Insights: Managing Outsourcing Contracts


A session focused on real-world challenges and actionable solutions to ensure compliance with DORA requirements.

  • Contractual Clause Compliance
  • Field Experience on Contractual Challenges:
  • Negotiating with international vendors, particularly large technology companies, often reluctant to adapt their standard contracts to meet DORA requirements.
  • Aligning contracts across stakeholders to guarantee full compliance with DORA obligations.

A session packed with practical examples, tools, and best practices to tackle the legal and operational hurdles posed by DORA.

Rainer GROSSHANS
Senior Vice President
Head of Legal Department

Mitsubishi UFJ Investor Services & Banking (Luxembourg) S.A.


Panel & interactive quiz

  • Practical Perspectives and Strategic Challenges
  • Optimizing Long-Term Relationships with Providers
  • Aligning Internal Practices with DORA Requirements

The Role of Technology in Managing DORA Obligations

Moderator
Sylvain AUBRY

Panelists
Frank ROESSIG
Head AI Solutions
Proximus Luxembourg S.A

Jean DIEDERICH
Partner
FINEGAN

Michael HORVATH
Partner
Regulatory & Sustainability Services
PWC

PRACTICAL INSIGHTS

Data Privacy Framework (DPF) since July 10, 2023

  • Overview of data transfer conditions between Europe and the United States
  • Current status: where do we stand?
  • Sustainability of the DPF amidst legal challenges:
  • Could the Court of Justice of the European Union (CJEU) re-evaluate the framework if contested?
  • Key insights more than 12 months after the implementation of the new transatlantic framework:
  • For European businesses
  • For American businesses
  • For individuals

Outsourcing and Best Practices in the Insurance Sector

  • Some Impacts on Contracts
  • What contractual adjustments are necessary to include DORA obligations, particularly regarding liability, transparency, and provider resilience?
  • How can specific clauses be integrated for incident management, audits, and business continuity?
  • What about internal processes? What mechanisms should be implemented to ensure that providers meet security and resilience standards?
  • What are the specific challenges for non-EU IT providers regarding data protection?
  • Audit and Monitoring

Nicolas HAMBLENNE
Counsel
Avocat à la Cour, Luxembourg Bar
PwC Legal

Antonin JAKUBSE
Senior Manager Advisor Insurance
Financial Services

PWC Luxembourg

Xiaoyi FANG
Senior Manager Regulatory
Financial Services
PWC Luxembourg

State of Play and Outlook on ICT Outsourcing under DORA and CSSF Circulars

  • DORA: Where Do We Stand Since the Application Date of January 17, 2025?
  • Analysis of Key Obligations for Entities Subject to DORA, including the Compliance of ICT Registers and Reporting to the CSSF.
  • CSSF Circulars on Outsourcing: Updates and Practical Implications
  • Focus on Circular 22/806 and its Harmonization with DORA
  • Where Do We Stand on Circular Updates, and What Will Be the Impact on Financial Entities?
  • Deadlines and Coordination Between CSSF and ESAs: Preparing for the 2025 Deadlines
  • Discussion on CSSF Obligations and Supervised Entities, including the Transfer of Registers to ESAs by April 30, 2025, and Best Practices for Preparation.

Karim BOUAISSI
IT Risk & Assurance
Partner
EY Luxembourg Consulting

Last updated: 20/12/2024