The implementation of the Digital Operational Resilience Act (DORA) is likely to have a significant impact on the resourcing of risk and compliance departments within financial institutions in Ireland in the months ahead.

DORA introduces new requirements for risk management frameworks, contract remediation projects, and compliance with specific digital operational resilience standards. This means that risk and compliance departments will have additional responsibilities and tasks to handle, potentially increasing their workload.

These include:

• Contract remediation – The contract remediation project, which involves reviewing and categorising contracts and conducting gap analyses, can be resource-intensive.
• DORA compliance may also necessitate the use of technology solutions for efficient contract analysis and management. Risk and compliance departments may need to invest in or integrate new software tools to streamline their processes.
• Reporting and Monitoring – DORA requires organizations to establish robust reporting and monitoring mechanisms. This may require the deployment of additional resources to ensure ongoing compliance and reporting to regulatory authorities.

In order to meet the demands for DORA it is key that clients, if they haven’t already, start looking at the resource allocation to meet the increased demands and start resource planning.

Advice for clients

To meet the demands of DORA, organisations may need to allocate more resources to their risk and compliance departments. This could include hiring additional staff with expertise and so we anticipate to see increased demand for regulatory compliance specialists, risk managers, data privacy and those at an analyst level (more so to conduct the risk assessments).

Resource planning is a key consideration for both financial entities companies. The initial phase of DORA, which involves capturing in-scope ICT, conducting a gap analysis, and reviewing subcontracting and critical service providers, requires a significant number of resources. It is advisable to start the process no later than the third quarter of 2023 to ensure sufficient time for testing and readiness before the “go-live” deadline in January 2025.

In summary, the implementation of DORA is likely to have a substantial impact on the resourcing of risk and compliance departments. Organisations will need to assess their current capabilities, identify gaps, and allocate the necessary resources to meet the regulatory requirements effectively and in a timely manner. Proactive planning and resource allocation will be essential to navigate the complexities of DORA compliance successfully.

For guidance on the talent market across risk and compliance and to discuss resource planning on a permanent or interim basis please contact Director & Co-Founder, Andrew Murphy, on +353858205640 or Andrew.murphy@coopman.ie