Industry: Investment management
Our role: DORA compliance
Our services: Regulatory compliance and business transformation
Result: Value-adding DORA compliance
In today’s fast-paced financial landscape, regulatory requirements are often seen as hurdles — especially when they come with tight deadlines. One leading global investment firm faced this challenge as it prepared for the upcoming Digital Operational Resilience Act (DORA), a critical piece of legislation that will affect its operations across Europe by January 2025.
The firm, headquartered in New York City but with significant operations in Luxembourg, Ireland and the US, needed to act quickly to assess its compliance needs and formulate a plan to meet DORA’s rigorous standards. That’s where we came in.
Like many firms, this investment management company felt the weight of increasing regulatory pressure. DORA, designed to ensure operational resilience in the face of digital disruption, was just one of several new regulations on their radar. The real challenge? Finding a way to comply without breaking the bank.
The company wanted more than a simple compliance check — they needed a strategic approach to enhance their operational resilience globally, beyond just ticking the DORA box.
Recognising the scale and complexity of the client’s needs, we devised a tailored, two-phase solution.
We kicked things off by assessing the firm’s current state of compliance across the Level 1 and Level 2 DORA texts. This involved project planning, stakeholder engagement, and detailed workshops to gather evidence and insights. Our team worked closely with the client, identifying gaps in their current processes and highlighting areas that needed improvement. Importantly, the assessment didn’t just focus on compliance — it looked at how these changes could strengthen the firm’s overall resilience.
With a clear understanding of what needed to be done, we developed a detailed roadmap, including recommendations for remediation actions. These weren’t just about compliance; they aimed to increase the client’s overall maturity in line with their global operational resilience targets.
Once the gap assessment was complete, the next step was implementing the changes needed to achieve DORA compliance. We worked hand-in-hand with the client, leveraging resources from its global DORA team to streamline the process and minimise the burden on the firm. The team also considered the client’s budgetary concerns, developing a practical, risk-based solution that aligned with their cost-saving goals.
One of the standout moments in the project came when we facilitated awareness sessions with the client’s board. These sessions not only secured the necessary funding for DORA-related initiatives, they also helped the board and management team develop a deeper appreciation for the organisation’s digital risk landscape.
Thanks to our comprehensive approach, the investment firm didn’t just achieve compliance; it transformed its business in the process. By treating operational resilience as a strategic asset and taking a risk-based approach rather than running a regulatory ‘check the box’ exercise, the company built a stronger foundation for the future.
The firm is well on its way to DORA compliance, the board and management have become more engaged in managing digital risks, and PwC globally has embarked on further engagements with the client.
Most importantly, this project demonstrated that regulation doesn’t have to be a burden. When handled strategically and with a risk-based approach, compliance can catalyse positive change and drive value across the business.