Overview.
In response to evolving regulatory expectations around operational resilience and the Digital Operational Resilience Act (DORA), a market firm engaged Artex to support a major compliance and transformation initiative. The project focused on preparing for the March 2025 operational resilience self-assessment deadline, delivering the regulatory board pack and supporting documentation required and providing support with a DORA related visit by the client's lead European regulator.
Our flexible and expert-led approach enabled the client to exceed regulatory expectations, embed resilience across the organization and prepare for future scrutiny under both regulatory regimes.
Background: Operational Resilience and DORA.
Operational resilience regulations in the UK required firms to identify important business services, set impact tolerances and ensure they can continue to deliver services through disruption. The FCA, PRA and Bank of England mandate that firms must demonstrate resilience through self-assessments and board-level oversight.
Meanwhile, DORA, which applies across the EU, introduced a harmonized framework for managing information and communication technology (ICT) risk in financial services. It requires firms to:
- Establish robust ICT risk management frameworks.
- Conduct threat-led penetration testing.
- Report major ICT-related incidents.
- Manage third-party ICT service providers.
Both regimes demand a proactive, well-documented and enterprise-wide approach to resilience.
Client Situation.
The client, a regulated insurance firm operating across the UK and EU (and worldwide), sought to take a cautious and proactive approach to compliance. With a European regulatory review underway and a March 2025 deadline in the UK approaching, the firm wanted to ensure its operational resilience and DORA documentation was not only compliant but exemplary.
Objectives.
- Prepare a comprehensive self-assessment and board pack for the March 2025 operational resilience deadline.
- Support the client with the DORA review by their European lead regulator.
- Provide independent review, assurance and advisory input on the firm's approach.
- Develop a new target operating model (TOM) to embed resilience across the organization.
- Deliver a roadmap for implementation, including cultural change and training components.
Artex Solution.
We deployed a blended team of employees and talent pool members with expertise in operations, risk, data and resilience. The approach included:
- Documentation Review: Assessed all existing materials and processes for gaps and alignment with regulatory expectations.
- Stakeholder Engagement: Conducted interviews with key team members to understand operational realities and identify improvement areas.
- Workshops: Facilitated sessions to refine ideas, build consensus and shape the TOM.
- Board Pack Preparation: Delivered a high-quality board pack and self-assessment that was reviewed by the regulator and received positive feedback.
- DORA Support: Provided flexible, tailored guidance to help the client navigate a European regulatory review, including horizon scanning and strategic advice.
Outcome.
The client now has:
- A robust self-assessment and board pack process aligned with UK and EU regulatory expectations.
- A new TOM with clear, actionable recommendations and a roadmap for embedding resilience.
- Enhanced organizational awareness and culture around operational resilience.
- A strong operational position in relation to the DORA implementation deadlines.
Our support enabled the client to deliver early, exceed expectations and build a foundation for long-term resilience that was in line with both UK and EU regulatory expectations.
