Financial Services Technology Panel: Best Practice Workshop

24th May 2022 from 6:00pm — 8:15pm • WCIT Hall

Book Now →

“The Effective Execution and Communication of DORA (Digital Operational Resilience Act) and other Resilience Regulations within the Financial Services Sector”


On 24 September 2020, the European Commission published its draft Digital Operational Resilience Act (DORA). The legislative proposal builds on existing information and

communications technology (ICT) risk management requirements already developed by other EU institutions and ties together several recent EU initiatives into one Regulation. The DORA aims to establish a much clearer foundation for EU financial regulators and supervisors to be able to expand their focus from ensuring firms remain financially resilient to also making sure they are able to maintain resilient operations through a severe operational disruption. Just prior to lockdown the UK’s Financial Conduct Authority (FCA) and Prudential Regulatory Authority (PRA) published Consultation Papers21 proposing measures to improve resilience of the UK’s financial sector.


In November 2021, WCIT’s Financial Services Technology Panel partnered with ISITC to examine the potential impact of this new legislation – you can read the conclusions here. With 2022 being the year of DORA and UK legislation implementation, we invite you to join our best practice workshop on the 24th May 2022. We continue our partnership with ISITC as we meet to hear from subject matter experts, exchange views and help to develop best practice around the needs and roles of all stakeholders impacted.


The regulations seek to ensure resilient operations through a severe operational disruption, in aid of avoiding intolerable harm, and ensuring value, to the end customer – the citizen. This necessitates an understanding of an organisation’s Important Business Services, and an integrated approach involving a number of different stakeholders within third party service providers (TPS’s) and likewise within institutions for example – application operators and designers, infrastructure managers and operators, compliance officers along with the senior management team. So given these different areas –




• What do practitioners in each of these areas feel about the way the new regulations have been communicated to them?

• What do they think best practice is when dealing with new regulations such as these?

• How do they best demonstrate that they are achieving what is required?



The WCIT Best Practice Workshop is an independent industry forum where practitioners from the industry can work together to respond to and address these questions.



The keynote speakers will provide their perspective on the regulation on building operational resilience and formulating process to respond to the regulation. We will then break up into

working groups to identify key concerns with delivering across the five DORA pillars.


• Compliance – ensuring the organisation is complying across the five pillars, and the evidence they needed that technology risks are being mitigated to ensure operational resilience.

• Infrastructure – making sure the organisation’s infrastructure is in good operational order, e.g., routing diversity, links with the services the Cloud providers to the organisation are


• Business Applications – ensuring their underlying applications are always up and running regardless of whether they are on the organisation’s own infrastructure or in the Cloud, e.g., how these impact operational resilience, how well contractual arrangements cover resilience.


Each group will address the questions from their own perspectives and report back their key concerns to the main group.


After the workshop the Panel will consolidate the outputs into a best practice discussion document for circulation to the contributors with a view to producing from that a set of best practice guidelines for ratification and wider circulation.




Welcome, open session


Keynote Speakers

Jack Armstrong, Director of Operational Resilience, EY will present on the regulator’s intent.

Paul Dyer, Chief Risk Officer, Amigo Loans Co.

Brett McGowan, Associate Director, Proviti focus on implementation and building operational resilience.

Working Group Briefing Working Group Workshops Working Groups present back Open discussions


Close formal session Reception (drinks and canapés)


Event Close



The Worshipful Company of Information Technologists Hall

39A Bartholomew Close, London EC1A 7JN


FS Tech Panel flyer May 2022