This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Business Strategy Case Study
Global Regulatory Excellence: A Financial Organisation’s Path to Enhanced Compliance
The Company
A global financial organisation aiming to enhance their regulatory compliance to meet stringent new EU regulations for financial institutions specifically the Digital Operations Resilience Act (DORA) met with our specialist in-house consultants. The work was carried out by Xcina Consulting, a division of Brookcourt Solutions, a Shearwater Group portfolio company who provide consultancy services around risk management and compliance.
The Challenge
The aim of the engagement was to ensure that the business is fully compliant with the new legislation by the enforcement date of 17 January 2025. Xcina Consulting helped the financial organisation to understand and implement the framework, specifically the 5 Pillars of DORA, including risk management, operational resilience, ICT Incident reporting, testing and ICT third-party risk management.
The Approach
Xcina’s consultants worked closely with the client to identify parts of the business which provide financial services to EU organisations as well as parts of the business servicing DORA-compliant organisations.
An initial Gap Analysis exercise identified the parts of the business that need to meet DORA compliance, either as a financial service provider, providing services to a DORA compliant organisation or an internal division providing services to a DORA compliant division. Our consultants then worked with the customer to create a project plan to provide a group DORA framework and the individual regional requirements where needed.
From end-to-end project management to recommendations around technology solutions, internal processes and workflows to address compliance gaps, the client now has a clear understanding of the DORA framework and its requirements. Through a detailed gap analysis and comprehensive project management, the business has identified and started remediating to meet the compliance requirements. The development and implementation of this project plan provides a clear path to enhance their operational resilience and risk management processes for themselves, their customers and third-party suppliers.
Conclusion
With the appropriate practices and technology solutions in place, the client is well-prepared to meet the DORA regulatory requirements by 17 January 2025, ensuring continued protection and resilience against modern cyber threats.