Search QAs

An Insurance client has filed to discontinue operations in Europe and have stopped any new business. Their European exit is mid 2025. Would they need to comply with all parts of DORA or are there exemptions? Could they apply for an extension?

Is there a presumed timeline of the reissue of ITS regarding the standard template for the register of information referred to in article 28(3) DORA by the ESAs? Furthermore, is there a presumed timeline of adoption of the RTS on subcontracting ICT services supporting a critical or important function (legal basis being article 30(5) DORA)?

EV63_3 and EV63_4 seem to be improperly implemented. The rule EV92 states that the Investment Expenses should be equal or lower to the investment expenses reported in S.29.02 (C0010 / R0050). The investment expenses in S.29.02 are reported negative too comply with the calculations in force on the S.29 in general.

A Group contains within it both insurance entities and banking entities; for the purposes of preparing the Register at a consolidated level, must it consider both types of Entity? To which Authority is the Register sent at a consolidated level?

We have a supplier who handles a critical process for us. Although the service itself is not directly ICT-related, the supplier uses ICT systems to deliver these services to us. The supplier believes that they should not be classified as a third party under DORA and therefore do not need an additional agreement. When I make an overall assessment of this

Are Payroll service providers or Payroll software providers within DORA’s scope? And if so, only if they provide services to Banks, Insurance companies, and Investment firms? Or as ICTs would they be subject to DORA independently of their customer?

Is DORA applicable only to Financial Institutions or can also be applicable to any other non-Financial organizations?

Art. 8 VII: Financial entities, other than microenterprises, shall on a regular basis, and at least yearly, conduct a specific ICT risk assessment on all legacy ICT systems and, in any case before and after connecting technologies, applications or systems. What does DORA mean by connecting?

For the assessment of the Solvency Capital Requirement (SCR) using a partial internal model, is it permissible for a solo insurance entity and for an insurance group to model underwriting risks through the partial internal model, while simultaneously applying the standard formula equity shock of 22% for long-term equity investments, provided that all the conditions set out in Article 171a of the Commission Delegated Regulation (EU) 2015/35 of 10 October 2014 are fulfilled?