The European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) published today a summary report with the key findings from the 2024 Dry Run exercise on reporting the registers of information under the Digital Operational Resilience Act (DORA). The conclusions and lessons learnt as well as individual data quality feedback provided to financial entities during the exercise will aid preparations for the official reporting starting in 2025.
The quality of data observed in the registers submitted by almost 1,000 financial entities across the EU was in line with the ESAs’ expectations, considering the ‘best effort’ nature of the exercise. Of the registers analysed, 6.5% successfully passed all data quality checks, while 50% of the remaining registers failed less than 5 out of 116 data quality checks.
The ESAs are confident that the objective of having registers of sufficient quality in 2025 that would allow for the designation of critical third-party service providers (CTPPs) is not out of reach, subject to some additional efforts from the industry.
The key findings presented in the summary report and all supporting materials provided by the ESAs should be carefully considered by all industry stakeholders, including those financial entities that did not participate in the Dry Run exercise, as they will help them to be better prepared to report the registers in 2025.
Support to the industry
To support the Dry Run exercise and wider industry preparation, the ESAs provided numerous tools such as templates for the registers, a draft data point model, a draft reporting taxonomy, examples and instructions for filling data fields, and a tool for converting submissions into the required reporting format. Furthermore, the ESAs supported financial entities through a series of workshops, maintained and updated a ‘frequently asked questions’ document and responded to the individual queries through an email-based ‘hotline’.
The ESAs have applied data quality checks to all the registers that have been received and have shared individual feedback on the data quality issues with the competent authorities, which were in turn shared with the participating financial entities.
In November 2024, the ESAs also published a list of validation rules that will be used when analysing the registers of information in the official reporting in 2025 as well as the visual representation of the data model. These rules will be included in the updated technical reporting package (including updated data point model, taxonomy and validation rules), which will be published in the coming weeks. All preparatory materials are collated on the dedicated EBA webpage.
The ESAs are also continuing with the Dry Run workshops for the industry. The last workshop in the series will be held on 18 December, and will focus on the Dry Run summary report and the changes to the final ITS on the Registers of information.
The preparatory efforts should not stop with the completion of the Dry Run exercise. The individual data quality feedback provided to the financial entities should help them continue improving the quality of their data and ensure that the registers to be submitted in 2025 meet the regulatory requirements, are complete and provide all the necessary information for the designation of critical ICT third-party providers (CTPPs) by the ESAs.
Background
Since April 2024, the ESAs have been supporting the financial entities in their preparations for setting up and reporting the registers of information in relation to all contractual arrangements on the use of ICT services provided by the ICT third-party service providers (ICT TPPs). This mainly took the form of a dedicated Dry Run exercise that allowed for the testing of the reporting processes in an environment as close as possible to the upcoming first iteration of the official reporting in 2025, when the registers will be used by the ESAs for the purposes of designation of CTPPs to be under their oversight.