Unwrapping DORA

EU and UK Operational Resilience (OpRes) implementation packages are creating nervousness at end-of-year gatherings this year. In the wake of CrowdStrike this July, regulators pushed ahead with their detailed standards, and we have now catalogued over 93 documents, spanning 3,304 pages and nearly 46,000 paragraphs across our EU, UK documents, which defines the law of


Bridging DORA Gaps 2025

The latest JWG survey results and insights reveal why collaboration between vendors and firms is critical to operational resilience. Contact us  Introduction The Digital Operational Resilience Act (DORA) is more than a looming regulatory deadline: it is a call to action for the entire financial ecosystem to rethink how our digital supply chain is managed,


Supplier countdown DORA: T-40

As the clock ticks down to the EU’s 17 January 2025 Digital Operational Resilience Act (DORA) deadline, suppliers face a unique opportunity to redefine their role. This isn’t just about compliance—it’s about fostering transparency, breaking silos, and becoming true partners in resilience. Far from being too late, now is the perfect time to get started.


DeFi RegTech Opportunities: 2025

As the Digital Operational Resilience Act (DORA) prepares to reshape the regulatory landscape for digital asset providers by 2025, businesses are under increasing pressure to implement robust operational resilience strategies. As JWG and Memery Crystal’s ‘Decoding DORA’s Digital Asset Impact’ roundtable, held under Chatham House rule with industry experts revealed this month, the distinct challenges


Despite various regulatory initiatives, the road to robust operational resilience is far from clear. We are still very much in the “foothills” of creating effective, adaptable resilience frameworks. Firms and their suppliers should view the Digital Operational Resilience Act (DORA) as the foothills of the Operational Resilience (OpRes) mountain, not the gold standard. By the


Navigating OpRes Storms in 2025

This week, ten leading financial institutions gathered at JWG’s Winning the OpRes Marathon roundtable in London to debate the evolving challenges of the Digital Operational Resilience Act (DORA) and other global Operational Resilience (OpRes) regulations. Hosted by First Derivative and facilitated by JWG under the Chatham House Rule, the discussions underscored the urgency for financial


Navigating OpRes with RegTech

In today’s interconnected world, operational resilience has become a top priority for financial institutions. With the implementation of the EU’s Digital Operational Resilience Act (DORA), organizations are being urged not only to get ready for storms, but to strengthen their overall infrastructure and how their fate is tied to the fleets they sail with. Captains


EU vs. UK OpRes: Ready, Set, Resilient!

In the global race for Operational Resilience (OpRes), climbing the DORA hill is the ultimate test for financial entities in Q125. JWG’s analysis reveals that DORA standards equips institutions for the UK’s requirements but the gap between UK obligations and DORA will trip some runners up. The reality is becoming clear: financial entities and their


Background: The EU digital asset agenda is not all about MiCA. To offer digital assets in Europe and the UK, firms and their suppliers will need to adhere to the EU Digital Operational Resilience Act (DORA) and corresponding UK regime in Q1 2025. Key insight: JWG, the industry’s regulatory think-tank has used its AI-natural language


Digital Operational Resilience Act (DORA) technical standards, due to come into force in January 2025 have been released to a quick retort from industry. AFME and EACB warn of missing data, confused risk controls to implement tough new data and reporting requirements. Firms and their suppliers now have a little over 400 working days to


Are EU ready for accountability RegTech?

Accountability regimes will force board members and senior management on the Continent to rethink compliance for the Senior Executive Accountability Regime (SEAR) in 2024. The new regime will ‘gold plate’ current EU law and present international firms with major new hurdles. Irish bankers will be individually accountable for their responsibilities, with fines and even jail


Culture war topics, the spread of misinformation, and the war in Ukraine have further complicated firms’ social media presence and their efforts to craft policies guiding what employees should and should not say online. Firms should reassess policies guiding employees’ social media posts on accounts linked to the company and weigh up whether they are


Surveillance RegTech 2022

The great work-from-home experiment forced traders from the office and digital surveillance teams into overdrive. RegTech can provide a path forward through serious legal obstacles that stand in the way of effective oversight. However, good compliance is not just about the tech and we need collaborative action to make surveillance RegTech fit for purpose. The


In an increasingly digital sector with divergent rule sets, the ability to manage the global compliance deltas in complex senior management accountability rules  is fast becoming a critical differentiator for senior management seeking to work across borders.   As we summarized in our latest Beacon, JWG’s surveillance community has covered quite a patchwork of regulatory obligations


Remember, Remember, the 5th of November… FCA, conduct and Ops

In Partnership with:

On Thursday last week, 5th November, the FCA published three Decision Notices, all prohibiting individuals from performing “any function in relation to any regulated activity carried on by any authorised or exempt persons or exempt professional persons” as each lacked “the necessary integrity and reputation required to work in the regulated financial services sector”. The offences


The UK’s Prudential Regulation Authority (PRA) has commissioned 11 skilled persons reviews under Section 166 of the Financial Services and Markets Act 2000 into firms’ regulatory reporting in the last two quarters. The PRA commissioned nine prudential s166 reviews of deposit takers in the fourth quarter 2019/20 (December through February), according to publicly available information.


FS Compliance officers have been hit with an unprecedented deluge of 3,021 COVID-19 alerts 2 months into the pandemic, which JWG forecasts to be a total of 15,695 documents by year end.   Regulators expect firms to be able to navigate these difficult circumstances while delivering fair outcomes for customers and complying with existing rules. That’s one of the clear messages in these 3,000 plus regulatory updates.  Better RegTech tooling is


SMCR: one year on…

7 March 2017 marked the first anniversary of the implementation of the Senior Managers and Certification Regime (SMCR). The rules set out by the Financial Conduct Authority and Prudential Regulation Authority seek to instil a culture of conduct and responsibility across the UK banking sector by focusing on individual accountability and placing explicit standards on


Only hours before JWG’s Customer Data Management Group (CDMG) met on 23 February, an announcement was made that more than a third of firms that submitted their responsibilities under the Senior Managers Regime (SMR) had been rejected for technical reasons. The UK FCA/PRA SMR passed its first major milestone for grandfathering on 8 February and


There will no doubt be many concerned faces amongst senior management this year as the new rules for the Senior Managers and Certification Regime (SMR) come into force over the next 12 months.  The first implementation date will be in February 2016 when firms will have to submit documents for grandfathering, then commencement of the


The FCA has just dropped their comprehensive review of UK banking culture, which focused on whether pay, promotions or incentives in the financial sector encourage malpractice.  Shortly after its announcement last year, it has been shelved, with the FCA citing that each business is unique and thus cannot easily be compared. To some this is


JWG analysis. The ousting of Martin Wheatley from the Financial Conduct Authority during the summer is a sign that the UK Government wants to take a stand on ‘bank bashing’, sending a global message that London is a bank friendly capital, and that there will be more emphasis on individual responsibility. During this year, there


JWG analysis. At the 8th Customer Data Management Group (CDMG) meeting of 2015, on 18 August, over 20 members from 10 firms came together to discuss the new Market Abuse Regulation (MAR) and the potential challenges it holds. With less than 11 months until particular sections of MAR will apply to the financial services industry,


JWG analysis. The commencement date (March 2016) of the Senior Managers Regime is fast approaching – but what does it mean for senior managers?  And will anyone want to be a senior manager when the regime finally commences? Whilst the new regime will only affect new applicants directly, those who are certified under the existing


By Sam Tyfield and JWG. As RegTech readers may recall, back in 2014, the prudential regulator in the UK released new rules for the firms it regulated – the ‘senior managers regime’ or SMR – and that the Bank of England was running a Fair and Effective Markets Review (FEMR) looking at what needed to change in


What happens if nobody owns regulation?

This summer, we found that the industry could face up to three Eiffel Towers high worth of paper from the G20.  Curious about the risks inherent in managing that many documents, we asked Meredith Gibson, Head of Legal Risk at Santander UK, and Helen Pykhova, Director of The Op Risk Company and Chair, Operational Risk


Today, JWG have published their much anticipated analysis report, ‘G20 FS reform: will you survive or thrive?’. The report surveys regulatory efforts from 131 regulatory bodies which have produced approximately 50,000 documents since 2009.  It finds that the volume, pace and complexity of deciding how to comply with a continually evolving regulatory agenda are staggering:


MiFID II set to expand op risk remit?

In our previous articles we’ve explored the expanding requirements for robust systems and risk controls under MiFID II, the nature of proportionality as it relates to algorithmic trading and the new accountability implications for senior managers. This article, written by Meredith Gibson, Head of Legal Risk, Santander UK plc and Helen Pykhova, Director, The Op


JWG analysis. The Bank of England (BoE), along with the Prudential Regulation Authority (PRA) and the Financial Conduct Authority, has released 2 joint consultations and 1 policy statement on remuneration, clawbacks, and accountability in Financial Services: 30 July – Policy Statement PS7/14 Clawback – here 30 July – Consultation Paper PRA CP15/14/FCA CP14/14 Strengthening the


JWG analysis. The desire for tighter controls on algorithmic trading is growing globally.  Trading rules in the major financial centres will quickly set new minimum thresholds. As described in our previous piece on how algos are defined and controlled, Europe is again leading the pack and would appear to have serious intent to change the


JWG analysis. Regulators across the globe appear divided on the question of whether tighter control of algorithmic trading is necessary. The Australians are pretty laid back about it, the Germans are ahead of the game, whilst political debate rages in the US.  Regardless, while the value of algo trading to global markets is generally considered


JWG analysis. Last week the Prudential Regulation Authority (PRA) released several key documents including its annual Policy Statement amending certain aspects of the PRA Rulebook. These policy changes are sure to have an impact across all firms that come under the PRA’s regulatory jurisdiction. The PRA has: Amended eight of its Fundamental Rules which replaced its


JWG analysis. The continent was rocked by far more than parliamentary elections on 22 May. Early reports from major financial centres confirm the impact from the 844 pages of text released by ESMA on MiFID II / MIFID to be about a 9 on the Richter scale – so high that ESMA’s website gave up


Video: Regulatory reform – 2014 helicopter view. Regulation is coming thick and fast.  Seventy thousand pages a year fast! Dealing with this deluge with a page-by-page, regulation-by-regulation approach is becoming impossible as the G20 commitments become spread across many rulebooks.  This means that firms trying to tackle the changes one-by-one will end up with sky-high implementation