On 17 December 2024, the European Supervisory Authorities (ESAs) issued a summary report with the key findings from the 2024 dry run exercise on reporting the registers of information (RoI) under the Digital Operational Resilience Act (DORA).
Dry run
The primary objective of the dry run exercise was to help financial entities with the preparation of the RoI and their reporting to Member State competent authorities (NCAs) and the ESAs. The exercise was designed to help the industry improve data quality for the formal reporting that will begin from 2025. The dry run exercise also allowed for testing the reporting processes in an environment as close as possible to the official reporting.
Summary report
The summary report is intended to provide an overview of the dry run exercise and its key findings focusing on the quality of data found in the RoI submitted to the ESAs.
The report draws conclusions and highlights lessons learnt that should be considered by financial entities, NCAs and the ESAs to ensure that the financial sector is generally better prepared for the start of the application of DORA in 2025 and the RoI to be reported by the financial entities are of better quality and meet the requirements of the applicable legislation.
The report has three main sections:
- Section 2 provides an overview of the participating financial entities.
- Section 3 deals with the key points observed in the dry run submissions from a data quality perspective.
- Section 4 focuses on the key lessons learnt for financial entities, NCAs and the ESAs for the finalisation of their preparations for the official reporting of RoI to start from 2025.
Lessons learnt
Lessons learnt and recommendations for financial entities include that they:
- Should continue to identify and integrate missing data into their RoI, so they are able to submit full registers to their NCA and then the ESAs. Missing mandatory information will be flagged as data quality issues with the request to re-submit the registers within the short time frame provided.
- Are encouraged to continue as much as possible the preparation of their registers, especially for information which may not be immediately available (e.g. the relevant identifiers of their third-party service providers (TPPs)), where additional data collection/retrieval efforts may be necessary given that such information have not been used in the dry run.
- Are encouraged to ensure that they have a valid LEI for themselves and for all financial entities belonging to their consolidated groups noting that where the registers are reported on the consolidated basis, all financial entities included in template B_01.02 should be identified with LEI.
- Are encouraged to work with their TPP so that those are identified and recorded in the registers with identifiers specified in the ITS on the Registers of information.