The European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) today announced that they will launch in May the voluntary exercise for the collection of the registers of information of contractual arrangements on the use of ICT third-party service providers by the financial entities. Under the Digital Operation Resilience Act (DORA) and starting from 2025, financial entities will have to maintain registers of information regarding their use of ICT third-party providers. In this dry run exercise, this information will be collected from financial entities through their competent authorities and will serve as preparation for the implementation and reporting of registers of information under DORA.
The ESAs and the competent authorities are introducing this voluntary exercise to help financial entities prepare for establishing their register of information, gathering the relevant information specified in the ESAs’ final draft Implementing Standards on the registers of information and reporting their registers of information to their respective competent authorities, who will, in turn, provide those to the ESAs.
Financial entities participating in the dry run will receive support from the ESAs to: (1) build their register of information in the format as close as possible to the steady-state reporting from 2025, (2) test the reporting process, (3) address data quality issues, and (4) improve internal processes and quality of their registers of information.
As part of the exercise, the ESAs will provide feedback on data quality to financial entities participating, return cleaned files with their register of information, organise workshops and respond to frequently asked questions.