DORA Register of Information: Simplified, Accurate, and Compliant

The DORA Dry Run was a large-scale exercise conducted by the European Supervisory Authorities (ESAs) to test the readiness of financial entities in submitting their Register of Information (ROI) under the new DORA regulations. Key findings from the dry run include: - 86% of errors were caused by missing mandatory information, such as unique identifiers and supply chain data. - Only 6.5% of registers passed all data quality checks. - The ESAs highlighted that manual approaches, like spreadsheets, often lead to incomplete and non-compliant submissions, recommending automated tools for compliance.

With Formalize, you can avoid these pitfalls by leveraging automated processes that ensure complete, accurate, and compliant submissions from the start.

The ITS (Implementing Technical Standards) define specific and detailed implementation instructions on how to report to the European Supervisory Authorities (EBAs).

ITS overview of Register of Information:

• RT.01.01: Entity maintaining the register of information
• RT.01.02: List of entities within the scope of consolidation
• RT.01.03: List of branches
• RT.02.01: Contractual arrangements – general information
• RT.02.02: Contractual arrangements – specific information
• RT.02.03: List of intra-group contractual arrangements
• RT.03.01: Entities signing the contractual arrangements for receiving ICT service(s) or on behalf of the entities making use of the ICT service(s)
• RT.03.02: ICT third-party service providers signing the Contractual arrangements for providing ICT service(s)
• RT.03.03: Entities signing the Contractual arrangements for providing ICT service(s) to other entities within the scope of consolidation
• RT.04.01: Entities making use of the ICT services
• RT.05.01: ICT third-party service providers
• RT.05.02: ICT service supply chain
• RT.06.01: Functions identification
• RT.07.01: Assessments of the ICT services
• RT.09.01: Definitions from Entities making use of the ICT Services

Companies need to report on these 15 objectives to prove their DORA compliance.

Reference: JC 2023 85 Final report on draft ITS on Register of Information from the Joint Committee of the European Supervisory Authorities

The Register of Information is a key requirement under DORA, designed to document critical ICT third-party service providers and supply chains. The European Supervisory Authorities (ESAs) have emphasized that a manual, spreadsheet-based approach is not recommended. Instead, tools like Formalize simplify the process, ensuring compliance with accuracy and efficiency. The complexity of ROI prompted the ESAs to conduct a dry run of the Register of Information throughout 2024, in preparation for the expected mandatory submission of ROI in January 2025.

Formalize automates the reporting process, validating data at the time of entry to address common challenges such as missing mandatory fields and unique identifiers. By leveraging advanced validation and error detection tools, Formalize ensures your submissions meet regulatory standards without the pitfalls of manual processes. Furthermore, Formalize’s scalable platform is designed to adapt to evolving regulations, ensuring your compliance process remains future-proof. This flexibility is critical in meeting the iterative requirements set by the ESAs.

b_05.02 serves as a prime example of the complexities introduced with ROI reporting. You not only must report on the LEI-IDs of your suppliers, but you also need to account for your sub-suppliers and even the sub-suppliers of those.