Artificial Intelligence is essential for 84% of financial institutions within the EU, yet the majority fall short in meeting the required standards for AI readiness, known as Dora-readiness.
In a recent survey conducted by PwC Luxembourg, it was revealed that while the majority of firms have implemented ICT risk taxonomies, only 4% have integrated the requirements of the EU's Digital Operational Resilience Act (DORA) into their day-to-day operations.
The report, which included banks, insurers, asset managers, and payment firms, highlights the complex implications of DORA for asset managers. Olivier Carré, deputy managing partner and technology & transformation leader at PwC Luxembourg, views DORA as a catalyst for well-calibrated reinvention, underpinning the transformation towards smarter, resilient businesses using AI and risk quantification.
Key challenges for asset managers in complying with DORA revolve around comprehensive ICT risk management, asset discovery and classification, third-party risk management, regular resilience testing and incident reporting, and regulatory oversight and compliance monitoring.
Asset managers must establish a robust governance framework for vulnerability management, maintain a real-time, auditable inventory of all ICT assets, conduct thorough due diligence and continuous monitoring of ICT third-party service providers, ensure readiness to detect vulnerabilities proactively and report incidents transparently, and face ongoing supervision by European regulatory bodies.
However, DORA also offers opportunities for asset managers. By implementing DORA’s framework, they can strengthen their ICT infrastructures, improve risk visibility and decision-making, standardize contractual practices, reduce sector-wide risks, strategically use technology, and enhance operational resilience.
Despite the progress made, many challenges remain. For instance, only 39% of firms have developed a methodology to quantify ICT risks, and 55% are still working to define their critical information and communications technology (ICT) functions and information assets, a key step required under DORA.
The survey also revealed that 58% of firms believe their third-party providers still face significant compliance gaps, and 26% of firms anticipate terminating at least one ICT provider this year due to DORA-related shortcomings. On a positive note, 84% of financial firms in the European Economic Area view AI and digital transformation as essential for their future success.
Michael Horvath, sustainability and sustainable finance leader at PwC Luxembourg, considers DORA as a foundational pillar of the digital transformation. He emphasises the importance of robust data governance and operational resilience structures to realise the full potential of AI.
In conclusion, while DORA presents significant operational and compliance challenges for asset managers, it also offers opportunities to build stronger, more transparent, and resilient digital operations within the EU financial ecosystem.
- The Digital Operational Resilience Act (DORA) is seen as a catalyst for businesses to reinvent themselves towards smarter, resilient operations utilizing AI and risk quantification in the realm of finance, as stated by Olivier Carré, deputy managing partner at PwC Luxembourg.
- Compliance with DORA requires asset managers to address key challenges such as comprehensive ICT risk management, asset discovery and classification, third-party risk management, regular resilience testing and incident reporting, and ongoing supervision by European regulatory bodies.
- Despite the challenges, DORA offers opportunities for businesses, as asset managers can strengthen their ICT infrastructures, improve risk visibility and decision-making, standardize contractual practices, reduce sector-wide risks, strategically use technology, and enhance operational resilience, making AI and digital transformation essential for future success, according to Michael Horvath, sustainability and sustainable finance leader at PwC Luxembourg.
