top of page

Hybrid Lunch - Conference "The EU’s Digital Operational Resilience Act for financial services: A greater ambition for resilience"

Practical implications for Financial Institutions and areas of focus for IA


When: 26 January from 11:45 to 14:00

Where: IIA Luxembourg Office, 4 Op de Leemen L-5846 Fentange

Deadline to register: 23 January 2023

CPE Hours : 2


The Digital Operational Resilience Act (the DORA), the EU’s flagship initiative on digital operational and cyber resilience in the Financial Services (FS) sector, has been ratified by EU legislators and will start applying 24 months after its expected entry into force in January 2023.


It will introduce a unified regulatory and supervisory rulebook for ICT operational resilience in the financial sector, pushing FS firms to make substantial investments to improve their resilience to digital and cyber risk disruptions.  The DORA will not be a “one-off” compliance exercise but will instead push firms to remain resilient in an ever-changing threat landscape and an ever more complex technological environment.


The aim of this session will be twofold: first to understand the context of this new regulation and to provide an overview of the 4 main pillars of requirements that will apply to financial institutions; second, to analyse the practical implications for institutions (especially considering the already existing regulatory framework) and also the key considerations for IA.

Conference programme

  • Introduction: From financial resilience to digital operational resilience

  • Overview of the DORA’s requirements:

  • ICT Risk Management

  • ICT incident classification and reporting

  • Digital operational resilience testing

  • ICT third-party risk management and oversight framework for critical providers

  • The DORA will not be a “one-off” compliance exercise:

  • Practical implications and expected challenges for financial institutions

  • How to approach the entire journey towards digital operational resilience?

  • Concrete considerations for IA

  • Q&A Session



Stéphane Hurtaud, Partner, Deloitte Risk Advisory, Cyber Risk Leader


                                                                                                                                                                                                                                                                                                                                                                      Stéphane is a Partner within Deloitte Risk Advisory service line and is leading the Cyber Risk Services practice in Luxembourg. Stéphane has 26 years of experience in the IT & Cyber Risk, IT Audit and IT Governance fields (with a strong focus on the financial services industry) and more particularly in:


  • Designing and leading Cyber and Information Security Programs within complex organization

  • Evaluating and improving Cyber security at both strategic, operational and technical level

  • Assessing the Information System risk exposure and identifying solutions to improve the IT & Security control structure

  • Analysing and improving the level of maturity of IT organization, IT operations and IT architecture

  • Assessing Information System against regulatory and industry requirements.

Stéphane started his professional career at Deloitte in 1996, and until 2005, he supervised, planned and performed complex IT Audit & IT Risk engagements mainly for financial institutions in Luxembourg, Switzerland and in the United Kingdom. In 2005, Stéphane joined Dexia Group as Head of Internal Audit of Dexia Technology Services, and got promoted Chief Security Officer in 2008 in order to set-up and run a new group-wide IT security organization. Stéphane joined back Deloitte in May 2013. He holds several professional certifications (CISA, ISO27001 LI/LA, ISO27005, ITIL v3 foundation, CSSK).


Laureline Senequier, Director, Deloitte Risk Advisory                                       




Laureline is Director in the Risk Advisory Services, where she currently focuses on Information & Technology Risk. Laureline helps its clients navigating through the Risks and Regulatory challenges of Outsourcing, ICT Risks, Digital Resilience and Cloud Computing, especially in the Financial Sector as a highly regulated sector. She has supported a high range of financial institutions and insurance companies in their compliance journey for Outsourcing projects, Cloud Outsourcing projects, Outsourcing framework design, ICT Risk Assessments.

Laureline also has strong experience in IT specialized audit for Financial Statement Audits (GITC, Automated process audit), IT Internal Audits and IT specific or IT parts of Third Party Assurance (ISAE 3402, ISAE 3000 and SOC1/SOC2 reports).


Laureline is Board member of the ISACA association, Luxembourg chapter and active member of ABBL Workgroups on Cloud Computing and on Outsourcing. Laureline is a Certified Information System Auditor (CISA), a CIPP/E, an ISO 27001 Lead Auditor/Implementer and holds an ITIL V3 as well as PRINCE2 Foundation certification.

​A certificate of participation will be provided on request to participants who have fully attended the conference.


Best regards,

IIA Luxembourg 

DORA image.webp

Check our training and Young Professionals Community pages for other activities.

bottom of page