Ireland’s Pensions Authority has published an information note on the Digital Operational Resilience Act (DORA) for trustees.
The EU regulation will come into force on 17 January 2025 and aims to strengthen digital operational resilience in the financial sector. As part of the regulation, harmonised requirements for financial entities on the use of ICT services will be introduced.
“Trustees will bear ultimate responsibility for ensuring their scheme’s compliance with the requirements, irrespective of any outsourcing arrangements in place,” the authority said.
The way the DORA requirements apply to a scheme will depend on the size of the scheme’s active and deferred membership. Schemes with 100 or more active and deferred members are subject to all DORA requirements.
Schemes with 16-99 active and deferred members are subject to most DORA requirements. However, a simplified version of the ICT risk management framework applies for these schemes, and they are exempt from performing advanced testing of ICT systems and from having to adopt a strategy on ICT third-party risk.
Schemes with 15 or fewer active and deferred members are not subject to DORA.
Trustees must document and maintain a comprehensive ICT risk management framework to include ICT business continuity plans and other policies and controls, as part of the overall risk management system.
They will also need to identify all sources of ICT risk and cyber threats on a continuous basis, alongside ongoing monitoring of the security and functioning of the ICT systems they rely on.
Those who use third-party ICT services must ensure that key contractual provisions are in place with service providers as set out in Article 30 of DORA. They will also need to maintain a register of information on all contractual arrangements on the use of ICT services provided by third-party providers.
In addition, trustees will be required to manage and report major ICT-related incidents to the Pensions Authority, keep a record of significant cyber threats, and test ICT systems supporting critical functions at least yearly.
The guidance can be accessed here.