DORA Regulation

16th January 2025 is the deadline for payment institutions (both MIPs and KIPs) to comply with Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14th December 2022 on the digital operational resilience of the financial sector (in short: DORA).

What obligations must a payment institution meet from 17th January 2025?

In order to ensure full compliance with DORA, all institutions with the status of KIPs, MIPs and AISPs must prepare and implement:

Information and communication technologies,
ICT incident handling system,
digital resilience testing system,
ICT provider risk management system.

Why is it so important to implement DORA?

Timely implementation of DORA is an obligation of the KIP, MIP and AISP directly provided for in the provisions of the regulation. Failure to comply with DORA regulations before 17 January 2025 will result in high financial penalties.


According to the latest draft of the Polish law implementing DORA, the maximum penalties are:
1) for KIP/MIP – the amount of PLN 20,869,500 or 10% of net revenues from the sale of goods and services and financial operations;
2) for a natural person, including members of the Management Board of KIP/MIP – the amount of PLN 3,042,410.

Audit of compliance with the requirements of the DORA regulation – what do we offer?

Our goal is to comprehensively examine the compliance of your company’s operations with the requirements of Regulation 2022/2554 of 14th December 2022 on digital operational resilience of the financial sector (DORA), the delegated acts to DORA (regulatory technical standards and implementing technical standards – RTS and ITS) and the relevant provisions of Polish law.

After the audit is completed, we provide a detailed report with the results of the audit, indicating the areas where additional work is required to achieve compliance with DORA, in particular:

1) Results from the assessment of the completeness and adequacy of the Principal’s existing internal documentation in terms of DORA requirements, together with an indication of gaps/deficiencies in this documentation or areas that require modification (supplementation or change) and a recommendation of the scope of necessary adjustments (Gap Assessment);

2) Results from the assessment of the adequacy of the ICT solutions used by the Principal in terms of DORA requirements, taking into account the size and general risk profile of the Principal’s enterprise, together with recommendations for the introduction or modification of technical solutions (Adequacy Assessment);

3) Results from the assessment of contracts concluded with ICT third-party service providers, in particular with regard to mandatory contractual arrangements and existing concentration risk, together with recommendations on how to maintain, amend or terminate these agreements and proposed model contractual clauses to supplement the identified deficiencies (Contractual Provisions Assessment);

4) A roadmap for adapting the organisation to the requirements of DORA, including a schedule of further actions to be taken by the Principal in accordance with the recommendations provided to it by the Contractor, together with a proposal for further support that the Contractor may provide to the Principal.

Why us?

We are a company that specializes in software development (using the Secure Software Development Life Cycle – SSDLC approach), providing ICT experts and cybersecurity solutions, including audits, security analyses, consulting services and compliance control. We cooperate with many entities from the financial market, including the Polish Financial Supervision Authority (KNF).

Partner project

On the project, we cooperate with Raczyński Skalski & Partners, which offers comprehensive legal services to financial market entities, including banks, payment service providers and companies from the FinTech sector. They specialise in obtaining permits from the Polish Financial Supervision Authority and advising on outsourcing, digital resilience and anti-money laundering regulations.

Our specialists involved in the implementation of the offer:

Michał Lewandowski – ICT Security expert

An expert with over 20 years of experience in the field of ICT security. He has key certifications including CISSP, CISA, CRISC, CGEIT. An experienced engineer, architect and IT analyst. Auditor with extensive experience in the area of cyber security management. He uses his experience at the interface of information and communication technology and management in order to maximize the use of new technologies to support the achievement of strategic goals of institutions and enterprises.

Bartosz Jarzyński – ICT Security expert

An expert with many years of experience in audits. Holder of certificates such as: CEH, AZ-500, Fortinet FCP, Information Security Manager and PMP. Experienced in identifying potential threats and proposing effective risk management strategies. He conducts audits and implements security strategies in accordance with the latest standards in the industry.

Paweł Maciejczyk – ICT Security expert

An expert with over 20 years of experience in the IT area and over 10 years in the field of cybersecurity. Experienced analyst, engineer and information security auditor. He has a technical background and a deep understanding of legal issues. He gained his IT skills at industrial facilities and then in the data center of the Polish Ministry of Finance, as an administrator of IT security networks and systems. Internal auditor of ISO/IEC 27001:2013 since 2016, and lead auditor of ISO/IEC 27001:2017 with PCA accreditation since 2021.

Please contact us to discuss the details of our offer and find out how we can help your company fully comply with the requirements of the DORA regulation.